commit - ec9e6dca670c0319d52d9041f304d065b2ac5e48
commit + 535262f730f916cd65f851fffc66b5eb2aaf9359
blob - 8c5b44600dacda7a26f1be6ffec217d0c4e9c5c4
blob + db83c318b89e9974382afd6806ffad62b6887bfb
--- wiki.d/.pageindex
+++ wiki.d/.pageindex
-Almanack.AdvancedMailServerSetup:1731470982: : ssl_prefer_server_ciphers alertphishingsslmismatch advancedmailserversetup whitelist_sender_domain allow_username_mismatch pop3_fast_size_lookups alertencryptedarchive pop3_no_flag_updates alertphishingcloak temporarydirectory alertencrypteddoc pop3_uidl_format ssl_min_protocol wl_sender_domain alertole2macros ssl_cipher_list scan_image_mime scan_mime_parts symbols_enabled authentication login_greeting misclassifying databasemirror unixsocketperm sign_networks inet_listener configuration automatically unix_listener mail_location communication circumstances unfortunately authenticated skip_process combinations dkim_signing restrictions 1amapassw0rd preparations maxrecursion certificates customizable wl_antivirus whitelisting introduction localforward misbehaving environment notifyclamd dkim_signed effectively furthermore connections alternative letsencrypt assumptions comfortable logfacility attachments greylisting localsocket information configuring management bruteforce containing accessible submission completely maxclients especially hostmaster configured postmaster disconnect redirected log_daemon identifies clam_virus installing legitimate forwarding definition connecting encryption _domainkey reconsider quarantine additional particular challenges mailboxes addresses localhost opensmtpd interface depending _dkimsign necessary following passwords trainable debugging sign_only sign_auth recipient doesn’t providing available transport disabling mail_home attackers rejecting therefore positives groceries freshclam protocols authority listening detection confident logsyslog no_fcrdns including tcpsocket detectpua openfiles preferred fullchain negatives exception recommend signature instance whenever _dovecot hostname multimap ssl_cert removing packages blocking virtuals required generate settings contains actually commands requests almanack examples provider supports there… internet scanning selector overhead creating outgoing provides tweaking increase messages handling teaching describe outbound detected purposes fighting incoming limiting probably delivers you’ve silently software received although catching requires services manually overload attempts firewall building together strength accepted failures addbrute original guessing mailname aliases no_rdns logtime restart ssl_key options timeout running warning equally blocked don’t trusted private smtpctl tcpaddr _clamav daemons privkey allowed staging account problem attacks include lessons entries similar without testing started expires malware persist traffic packets renewed dropped defined opening through storage replace loading modules monitor improve domains doveadm instead correct listens scanner comment won’t easiest destroy logging general maillog default content browser readded another reached suggest between anymore machine sockets _rspamd usermod arrives systems perform handles folders nologin because let’s openssl primary openbsd finally useradd lengthy pkg_add already handful locally script pubout readme common extend create ignore minute bypass filter beware should santas passwd action static extras writer userdb driver shield rather public before expiry hosted matter either ssl_dh dh4096 import export passdb blocks scheme remove pieces during affect egress needed highly _smtpd rs_cl_ prefix chance number _redis around member notice adding memory sooner genrsa checks helper little higher stores source faster second failed facing it’s change pubkey called answer stored logged points always simple longer result suited course plenty guides beside parser first quick those rates chmod after vmail about names muser rcctl dbdir small known dkim1 above lines email clear least speed later could chgrp nuser these pgrep using cases leave found phase under every users radar fetch while posts https needs abuse valid which smtps types agent might right share chown pfctl httpd rules today cover flush value mkdir score strip group owner level touch adapt false order apply until flags daily stays makes enull 11334 anull tlsv1 gives scans stats below lucky hosts issue quite comes based cname punch relay pop3s named study trick knows three alone happy basic keeps shady want from done sure such that ipv4 both your next some whom ipv6 exec this doas path into used mbox rcpt echo find best lmtp args krsa kdhd 3des away 0600 will mode text must hard disk just have gets left many 020a sbin 2001 c000 down 0750 1024 2048 same them good spf1 zone well like aaaa tune take care acme page 0640 deal land they fill wild root dump 3310 kind what save free huge site easy feel link five tell even than show most 020b true 0440 once slow hold ssh var web yes put few its far 587 550 fly crt pki src 10m try but 127 lo0 192 usr db8 rrs too txt 770 may rwx bag 128 tmp org api v02 url pem 110 due blf adh rc4 psk md5 995 gid dss got fit srp mx my mv
-Almanack.Almanack:1731470919: Lists.Ircnow Minutemin.Code Minutemin.Server Minutemin.Duty Minutemin.Questions Minutemin.Progress Medals.Intro Team.Welcome Team.Testing Servers.Rights Team.Announce Team.Federation Ircnow.Dogfood Team.Networks Congress.Procedure Congress.Documents Ircnow.Milestones Ircnow.Roadmap2021 Ircnow.Roadmap2022 Ircnow.Roadmap2023 Ircnow.Roadmap Ircnow.Status2022 CodeForce.Deploy Abuse.Code Ambassador.Markets Ircnow.Metrics Ircnow.Nsf Ircnow.Newdeal Ircnow.Daughtersofliberty Netizen.Ellisisland User.Welcome Netizen.Become Netizen.Rights Freedom.Selfadmin Freedom.Independence Freedom.Fork Ircnow.Constitution Freedom.Religion Freedom.Firstamendment Freedom.Software Freedom.Privacy Freedom.Homestead Freedom.Madeonirc Freedom.Unix Freedom.Startupdream Freedom.Openforeveryone Freedom.Dueprocess Freedom.Checks Freedom.Rulebylaw Freedom.Federation Freedom.Union Freedom.Universal Freedom.Radio Ircnow.Education Openbsd.Intro Vmm.Configure Vmm.Install Vmctl.Usage Vmm.Linux Vmm.Sysupgrade Vmctl.Disk Vmctl.Reinstall Vmm.Intro Vmm.DebianIso Vmm.DebianInstall Vmm.Debian Vmm.Optimize Vmm.Ubuntu Vmm.DevuanIso Vmm.Devuan-ISO Vmm.Alpine Vmm.Arch Vmm.Plan9 Vmm.Router Vmm.Homerouter Ipmi.Java Openbsd.BBB Openbsd.Orangepi3lts Openbsd.Upgrade67 Openbsd.Upgrade68 Openbsd.Upgrade69 Openbsd.Upgrade74 Openbsd.Upgrade75 Openbsd.Sysupgrade68 Openbsd.Sysupgrade69 Openbsd.Sysupgrade70 Openbsd.Sysupgrade71 Openbsd.Sysupgrade72 Openbsd.Sysupgrade73 Openbsd.Sysupgrade74 Openbsd.Sysupgrade75 Openbsd.Sysupgrade Openbsd.Install67 Openbsd.Install68 Openbsd.Install69 Openbsd.Install70 Openbsd.Install71 Openbsd.Install73 Openbsd.Install74 Openbsd.Install75 Openbsd.Install Openbsd.Bsdrd OpenBSD.OnOVH Openbsd.Bootconf Openbsd.Singleuser Openbsd.Books OpenBSD.ResetPassword License.Publicdomain Gpl.Flaws Bsd.Hope Bsd.Labor License.Discriminatory Tcpip.Overview IPv4.Overview IPv6.Overview Tcpip.Sockets Ip.Netmask Tcpip.Ports Buyvm.Ipv6 Openbsd.Anycast Hostnameif.Static Hostnameif.Static-v2 Ifconfig.Change IP.Myaddress Almanack.Ifconfig Route.Usage Openbsd.Wifi Resolv.Conf Hostname.Usage Route.Hostnameif Dhcpd.Configure Openbsd.Npppd Openbsd.Pppoe Ntpd.Configure Dhclient.Configure Route.Sourceaddr Ifconfig.Wifitoethernet Gre.6in4 Gre.6in4nat Openbsd.Pf Pf.Guide Openbsd.PFStable Openbsd.PFTesting Openbsd.Pfbadhost Pf.Vpn Pf.Bittorrent Ddos.Intro Openbsd.SSDP Openbsd.ACKFlood Openbsd.RSTFlood Openbsd.SYNFlood Openbsd.HTTPFlood Openbsd.NTPAmplification Openbsd.UDPFlood Openbsd.Amplification Openbsd.Ping Openbsd.Tcpdump Netcat.Usage Netcat.Irc Netcat.Http Netcat.SMTP Telnet.Http Openssl.Http Openssl.Imap Openssl.Smtp Openssl.Check Openssl.Encryptfile Bgpd.Configure Dns.Overview Dns.Records Dns.FQDN Dns.Registrars Dns.Vhost Vhost.Freedns Vhost.Ircnow Nsd.Configure Nsd.Masterslave Nsd.Troubleshoot DNS.RDNS Dns.Zonefile Nsd.Zone Dns.Troubleshooting Openbsd.Delphinusdnsd DNS.Mail DNS.SPF DNS.DKIM DNS.DMARC DNS.MTA-STS DNS.Ipv6rDNS DNS.Ipv4rDNS Unbound.Configure Host.Usage Dig.Usage Openbsd.Unboundadblock Unbound.Blacklists Rbldnsd.Install Dns.BindResolver Unbound.LAN Unbound.DNSSEC Gpg.Verify Signify.Verify Duplicity.Usage Iked.Configure Vpn.Vpn Iked.Newconfig Vpn.Myipaddress Iked.Sitetosite Tor.Torsocks Tor.Hidden Tor.Irc Tls.Overview Tls.Intro Tls.CA Acme-client.Configure Acme-client.Cron Relayd.Acceleration Relayd.TLSMulti Letsencrypt.Expired Acme-client.AutoRenew Dehydrated.Configure Acmesh.Configure Sshd.Configure Ssh.Client Ssh.Fingerprints Openbsd.Sshbackdoor Sshd.Disablepassword OpenSSH.Keygen Openssh.Skey Openssh.Totp Openbsd.Drawtermssh Openbsd.Two-FactorAuth Openbsd.Sftp Ftpd.Configure Torrent.Configure Cvs.Anoncvs Cvs.Intro Cvs.Cvsweb Cvs.Repo Cvs.Guide Paster.Install Fiche.Install Openbsd.Www Openhttpd.Configure Openhttpd.Hosting Openbsd.Httpopenproxy Openhttpd.Perl Openbsd.Php Openhttpd.Tls Openhttpd.Website Openhttpd.CGI Openhttpd.Chroot Pmwiki.Install Pmwiki.Simpleurl Pmwiki.Replace Debate.Wikistyle Ikiwiki.Install Openbsd.Dokuwiki Squirrelmail.Install Roundcube.Install Wordpress.Install Openbsd.Oscommerce Openbsd.Cumulusclips Openbsd.Fluxbb Openbsd.Question2answer Openbsd.H5ai Openbsd.Easyapp Openbsd.Manna NodeJS.Install Openbsd.Cgit Stagit.Install Got.Repo Gotweb.Install Got.Usage Got.Server Got.Mirror Mariadb.Install Irc.Guide Irc.Chanop Ngircd.Oper Irc.Services Irc.Clients Irc.Easy HostServ.Rules Unrealircd.Install Almanack.TheloungeWebircClient Znc.Install Znc.Chroot ZNC.Admin ZNC.Support Openbsd.ZNCModules Znc.Patch Znc.Usage Znc.Relayd Znc.I18n ZNC.Troubleshoot Znc.Debug Debate.Zncdefense Debate.Zncflaws Soju.Install Psybnc.Install Openbsd.Ilines Ambassador.Ilines Debate.Ircv3defense Identd.Configure Oidentd.Install Oidentd.ZNC Oidentd.Changeident Openbsd.Ii Openbsd.Sic Ngircd.Install Ngircd.Link Ngircd.Ssl Ngircd.Sins Ngircd.Loginconf Hopm.Install Openbsd.Acopm Hopm.Telnet Openbsd.Hopm-NowWithInit Hunchentoot.Install Achurch.Install Anope.Install Atheme.Install Pylink.Install Pylink.Chroot Bitlbee.Install Openbsd.Matterbridge Eggdrop193.Install Eggdrop191.Install Openbsd.Tcltls Eggdrop184.Install Eggdrop.Nickserv Wraith.Chroot Openbsd.Wraith Openbsd.Biblebot Botnow.Install Openbsd.Ircrelayd Category.Perl Openbsd.CPAN Unix101.Unix101 Unix101.Wechall C101.C101 Debate.WhyNotC Almanack.C C.Cprimer Openbsd.Vi Openbsd.Mg Openbsd.Ed Emacs.Emacs Opensmtpd.Configure Openbsd.Opensmtpd-relay Openbsd.Opensmtpd-2 Openbsd.Mailopenproxy Opensmtpd.Troubleshoot Opensmtpd.Openrelay Opensmtpd.Test Rspamd.Configure Opensmtpd.Inbox Almanack.AdvancedMailServerSetup Dovecot.Install Mlmmj.Install Mlmmj-archivist.Install Mutt.Connect Openbsd.Fdm Openbsd.Newdisk Fdisk.Usage Openbsd.Disklabel Openbsd.Growfs Openbsd.Pkg Openbsd.Ports Pkgadd.CheckUpdates Doas.Configure Syspatch.Syspatch Openbsd.Cron Rcctl.Rcctl Openbsd.Adduser Openbsd.Localtime Dd.Iso Dd.Usage Ln.Intro Tmux.Config Tmux.Share Openbsd.XTerm Openbsd.Backups Openbsd.Dump Openbsd.Restore Openrsync.Usage Rsync.Usage Openbsd.Dmesg Atactl.Usage Almanack.DumpBackupWithSCP Openbsd.Fstab Newfs.Usage Mount.Usage Openbsd.Iplookup Openbsd.Hier Openbsd.Base64 Openbsd.Uim Crontab.Edit Ps.Usage Kill.Usage Vi.Intro Cron.Suppressmail Openbsd.Vipw Tar.Usage Openbsd.Rcctl Syslogd.Configure Syslogd.Remote Openbsd.Panic Openbsd.Sysctl Swapctl.Usage Ffs.Intro Softraid.Install Softraid.Rebuild Disklabel.Usage Disklabel.Partitioning Ksh.Bash Ksh.Redirection Ksh.Autocomplete Shell.Limits Shell.Cronjobs Openbsd.Outofmemory Ln.Shell Openbsd.Freeciv Openbsd.Openttd Olympics.Games Chess.Reading Chess.Chessgogi Chess.Tournament Chess.Limitsbot Fics.Install Fics.Admin Math.Reading Shelllabs.Intro Shelllabs.Reading Shelllabs.Quotes Shelllabs.Manifesto Camping.Gear Openbsd.Minetest Minetest.Addingarenas Minetest.Serverlocations Minetest.Texturestyle Minetest.Updating Minetest.Worldbackup Texlive.Install Texlive.Sinhala Asterisk.Install Sox.Concat Openbsd.Ffmpeg Parec.Record Openbsd.Recordaudio Ffmpeg.Recordscreen Leafnode.Install Webnews.Install Gazette.Gazette Openbsd.INN Openbsd.Gopher Openbsd.Gophernicus Openbsd.Geomyidae Bucky.Install Prosody.Install Biboumi.Install Gomuks.Install Akkoma.Install Openbsd.Misc ISCABBS.ISCABBS Hosting.Hosting Hosting.Providers Hosting.Requirements Openbsd.Security Chroot.Intro Password.Management MITM.Intro Openbsd.Phishing Password.Hashes Password.Schemes Password.Words Openbsd.Dos Openbsd.Spam Openbsd.0days Openbsd.Rootkits Pledge.Intro Unveil.Intro Openbsd.Databaseperms Openbsd.Secureweb Openbsd.Trust Openbsd.Defaultdeny Openbsd.Loginconf Openbsd.Ids Openbsd.Setuid Openbsd.Sa Openbsd.Quota Openbsd.Shell Police.Intro Police.Fingerprints Openbsd.FilePermissions Openbsd.Oath-toolkit Doxing.Defense Team.Security Sheriff.Intro Openbsd.Xenodm Xfce.Install Fvwm.Configure Xdefaults.Configure Synclient.Configure Cwm.Configure TigerVNC.Install TigerVNC.SSH Wsconsctl.Usage Fdroid.Install 9.9 9.Shell 9.Install 9.Partdisk 9.Plan9ini 9.Links 9.Shocase 9.Rcpu 9.Drawterm 9.JSDrawterm 9.101 9.Bootcamp 9.9paste 9.Independent 9.Cheatsheet 9.Sysupdate 9.Packages Rio.Customize 9.Chording 9.Ssh 9.Netcat 9.9gridchan 9.Ideas Cloud9p.Roadmap 9.9pideas 9.Audio 9.Irc 9.Date 9.Reading 9.Acmemail 9.Splinternet 9.FNS 9.PKI 9.IP 9.Why9 9.Inter9 9.Ramfs Unix.Reading BSD.Reading Debate.Linuxflaws Unix.Intro Unix.History Unix.Exhibit SIMH.Install Ircnow.Womenstem Relays.Relays Bots.Bots Code.Code Opsofliberty.Bootcamp Civics.Intro Ircnow.Projects Vnc.Vnc WikiTips.WikiTips License.License Ircnow.Ally Ircnow.Victorycores Ircnow.Opsofliberty Ircnow.Pioneer Ircnow.Codeforce Ircnow.Explorer Ircnow.Ranger Ircnow.Settler Ircnow.Sheriff Ircnow.Servers Codeforce.Training Team.Team Openbsd.Buyvm Buyvm.Routedsubnet Openbsd.Dkimproxy Openbsd.Opensmtpd Ircnow.Goals Openbsd.Rbldns : advancedmailserversetup theloungewebircclient daughtersofliberty dumpbackupwithscp ntpamplification serverlocations troubleshooting question2answer disablepassword openforeveryone filepermissions firstamendment discriminatory unboundadblock wifitoethernet delphinusdnsd debianinstall bind_resolver httpopenproxy databaseperms resetpassword configuration authoritative mailopenproxy acceleration sysupgrade73 sysupgrade75 sysupgrade68 requirements sysupgrade72 sysupgrade69 sysupgrade71 sysupgrade74 sysupgrade70 victorycores opsofliberty addingarenas constitution independence fingerprints autocomplete suppressmail startupdream partitioning applications recordscreen squirrelmail orangepi3lts checkupdates texturestyle bindresolver cumulusclips routedsubnet publicdomain matterbridge ircv3defense cryptography hunchentoot changeident drawtermssh roadmap2023 encryptfile declaration letsencrypt roadmap2022 roadmap2021 sshbackdoor recordaudio nowwithinit independent ellisisland splinternet redirection outofmemory worldbackup illustrated myipaddress gophernicus netizenship defaultdeny opportunity imagemagick certificate screenshare authorities simpletable masterslave pkglocatedb zncmodules blacklists ambassador supermicro registrars beaglebone hostnameif status2022 management unrealircd milestones dueprocess bittorrent singleuser oscommerce zncdefense tournament federation homerouter sitetosite eggdrop184 sourceaddr filesystem eggdrop191 eggdrop193 accounting dehydrated jsdrawterm deployment linuxflaws networking historical automation encryption signatures automating cheatsheet factorauth brainstorm rebuilding administer themselves philosophy temperance httpflood archivist configure opensmtpd duplicity openrelay pfbadhost openrsync localtime pftesting disklabel ircrelayd debugging loginconf newconfig install74 upgrade67 simpleurl wikistyle install73 chessgogi install71 openhttpd roundcube install75 autorenew myaddress install67 shelllabs wordpress manifesto install70 limitsbot install69 install68 addresses customize minutemin wsconsctl dkimproxy questions procedure codeforce documents selfadmin homestead madeonirc rulebylaw hierarchy religious xdefaults synclient sysupdate womenstem 9gridchan frugality detection geomyidae fediverse providers hardening intrusion passwords secureweb devuaniso debianiso reinstall languages challenge universal education utilities ackflood wikitips bootcamp category webpanel ipv6rdns rootkits licenses rstflood projects binaries zncflaws software synflood bootconf ipv4rdns accounts pfstable zonefile partdisk plan9ini acmemail udpflood showcase overview services dhclient ifconfig chording changing almanack packages policing nickserv security progress biblebot touchpad identify tigervnc symbolic symlinks optimize cronjobs olympics networks chrooted transfer announce softraid flashing dokuwiki religion iplookup torsocks syspatch tlsmulti congress articles phishing explorer bouncers leafnode hostserv creating minetest updating training asterisk pastebin balances sortable firewall netmasks sysadmin blocking torrents industry machines unix101 openbsd achurch anycast texlive settler icecast wechall webnews sheriff sockets gazette channel bitlbee sinhala biboumi prosody tcpdump openssl support iscabbs hosting reading clients freedns camping oidentd without pioneer 6in4nat openttd freedom privacy welcome freeciv restore backups chinese syslogd swapctl central dogfood crontab markets editing justice newdeal sending signals metrics toolkit shocase schemes getting whynotc cprimer editors inboxed digital science virtual pkg_add adduser dovecot connect newdisk signing rbldnsd mailing signify caching windows expired ikiwiki desktop mariadb easyapp android cloud9p 9pideas lessons exhibit history routing replace website proxies ramdisk openssh patriot anoncvs version control gomuks relays setuid ircnow police armory ffmpeg become shells akkoma 9paste concat hashes rights civics netcat quotas medals vorbis donate border sndiod xenodm inter9 target fdroid unveil pledge quotes ranger doxing debate matrix middle social denial paster acmesh hidden pmwiki create cvsweb remote keygen sysctl attack fluxbb telnet psybnc ilines gotweb nodejs verify stagit dnssec mirror guides irc101 chanop ngircd base64 pylink tcltls vhosts wraith atheme pkgadd rspamd growfs filter botnow packet static netpgp atactl alpine ubuntu higher access emails kernel censor united checks intro usage mouse acopm anope goals dmarc radio union parec mlmmj xterm fdisk pppoe ramfs abuse buyvm emacs books dhcpd npppd rcctl ports panic tcpip onovh bucky games bsdrd fiche vmctl dmesg rules 0days manna newfs mount cabin trust labor title party layer users pipes latex video media certs using repos disks ipsec young wheel width class honor ethic metal ifend false duty sshd perl keys skey totp sftp ftpd why9 team cgit h5ai i18n good poor call bots imap chat room iked oper ally fqdn ircs bgpd simh vipw fics mitm ntpd cpan mode bash java doas dell mutt ddos bare ssdp ipmi gear tmux math misc soju vpns rcpu hope oath xfce fork bill hopm fvwm kill sins mgmt korn apps sudo fast docs bncs vmm ksh 100 pki fns fdm run old uim 3rd ffs org ids vps gpl inn cwm bbb sox sip php sic 2fa www spf mta gpg usb ii v2
+Almanack.Almanack:1731560380: Lists.Ircnow Minutemin.Code Minutemin.Server Minutemin.Duty Minutemin.Questions Minutemin.Progress Medals.Intro Team.Welcome Team.Testing Servers.Rights Team.Announce Team.Federation Ircnow.Dogfood Team.Networks Congress.Procedure Congress.Documents Ircnow.Milestones Ircnow.Roadmap2021 Ircnow.Roadmap2022 Ircnow.Roadmap2023 Ircnow.Roadmap Ircnow.Status2022 CodeForce.Deploy Abuse.Code Ambassador.Markets Ircnow.Metrics Ircnow.Nsf Ircnow.Newdeal Ircnow.Daughtersofliberty Netizen.Ellisisland User.Welcome Netizen.Become Netizen.Rights Freedom.Selfadmin Freedom.Independence Freedom.Fork Ircnow.Constitution Freedom.Religion Freedom.Firstamendment Freedom.Software Freedom.Privacy Freedom.Homestead Freedom.Madeonirc Freedom.Unix Freedom.Startupdream Freedom.Openforeveryone Freedom.Dueprocess Freedom.Checks Freedom.Rulebylaw Freedom.Federation Freedom.Union Freedom.Universal Freedom.Radio Ircnow.Education Openbsd.Intro Vmm.Configure Vmm.Install Vmctl.Usage Vmm.Linux Vmm.Sysupgrade Vmctl.Disk Vmctl.Reinstall Vmm.Intro Vmm.DebianIso Vmm.DebianInstall Vmm.Debian Vmm.Optimize Vmm.Ubuntu Vmm.DevuanIso Vmm.Devuan-ISO Vmm.Alpine Vmm.Arch Vmm.Plan9 Vmm.Router Vmm.Homerouter Ipmi.Java Openbsd.BBB Openbsd.Orangepi3lts Openbsd.Upgrade67 Openbsd.Upgrade68 Openbsd.Upgrade69 Openbsd.Upgrade74 Openbsd.Upgrade75 Openbsd.Sysupgrade68 Openbsd.Sysupgrade69 Openbsd.Sysupgrade70 Openbsd.Sysupgrade71 Openbsd.Sysupgrade72 Openbsd.Sysupgrade73 Openbsd.Sysupgrade74 Openbsd.Sysupgrade75 Openbsd.Sysupgrade Openbsd.Install67 Openbsd.Install68 Openbsd.Install69 Openbsd.Install70 Openbsd.Install71 Openbsd.Install73 Openbsd.Install74 Openbsd.Install75 Openbsd.Install Openbsd.Bsdrd OpenBSD.OnOVH Openbsd.Bootconf Openbsd.Singleuser Openbsd.Books OpenBSD.ResetPassword License.Publicdomain Gpl.Flaws Bsd.Hope Bsd.Labor License.Discriminatory Tcpip.Overview IPv4.Overview IPv6.Overview Tcpip.Sockets Ip.Netmask Tcpip.Ports Buyvm.Ipv6 Openbsd.Anycast Hostnameif.Static Hostnameif.Static-v2 Ifconfig.Change IP.Myaddress Almanack.Ifconfig Route.Usage Openbsd.Wifi Resolv.Conf Hostname.Usage Route.Hostnameif Dhcpd.Configure Openbsd.Npppd Openbsd.Pppoe Ntpd.Configure Dhclient.Configure Route.Sourceaddr Ifconfig.Wifitoethernet Gre.6in4 Gre.6in4nat Openbsd.Pf Pf.Guide Openbsd.PFStable Openbsd.PFTesting Openbsd.Pfbadhost Pf.Vpn Pf.Bittorrent Ddos.Intro Openbsd.SSDP Openbsd.ACKFlood Openbsd.RSTFlood Openbsd.SYNFlood Openbsd.HTTPFlood Openbsd.NTPAmplification Openbsd.UDPFlood Openbsd.Amplification Openbsd.Ping Openbsd.Tcpdump Netcat.Usage Netcat.Irc Netcat.Http Netcat.SMTP Telnet.Http Openssl.Http Openssl.Imap Openssl.Smtp Openssl.Check Openssl.Encryptfile Bgpd.Configure Dns.Overview Dns.Records Dns.FQDN Dns.Registrars Dns.Vhost Vhost.Freedns Vhost.Ircnow Nsd.Configure Nsd.Masterslave Nsd.Troubleshoot DNS.RDNS Dns.Zonefile Nsd.Zone Dns.Troubleshooting Openbsd.Delphinusdnsd DNS.Mail DNS.SPF DNS.DKIM DNS.DMARC DNS.MTA-STS DNS.Ipv6rDNS DNS.Ipv4rDNS Unbound.Configure Host.Usage Dig.Usage Openbsd.Unboundadblock Unbound.Blacklists Rbldnsd.Install Dns.BindResolver Unbound.LAN Unbound.DNSSEC Gpg.Verify Signify.Verify Duplicity.Usage Iked.Configure Vpn.Vpn Iked.Newconfig Vpn.Myipaddress Iked.Sitetosite Tor.Torsocks Tor.Hidden Tor.Irc Tls.Overview Tls.Intro Tls.CA Acme-client.Configure Acme-client.Cron Relayd.Acceleration Relayd.TLSMulti Letsencrypt.Expired Acme-client.AutoRenew Dehydrated.Configure Acmesh.Configure Sshd.Configure Ssh.Client Ssh.Fingerprints Openbsd.Sshbackdoor Sshd.Disablepassword OpenSSH.Keygen Openssh.Skey Openssh.Totp Openbsd.Drawtermssh Openbsd.Two-FactorAuth Openbsd.Sftp Ftpd.Configure Torrent.Configure Cvs.Anoncvs Cvs.Intro Cvs.Cvsweb Cvs.Repo Cvs.Guide Paster.Install Fiche.Install Openbsd.Www Openhttpd.Configure Openhttpd.Hosting Openbsd.Httpopenproxy Openhttpd.Perl Openbsd.Php Openhttpd.Tls Openhttpd.Website Openhttpd.CGI Openhttpd.Chroot Pmwiki.Install Pmwiki.Simpleurl Pmwiki.Replace Debate.Wikistyle Ikiwiki.Install Openbsd.Dokuwiki Squirrelmail.Install Roundcube.Install Wordpress.Install Openbsd.Oscommerce Openbsd.Cumulusclips Openbsd.Fluxbb Openbsd.Question2answer Openbsd.H5ai Openbsd.Easyapp Openbsd.Manna NodeJS.Install Openbsd.Cgit Stagit.Install Got.Repo Gotweb.Install Got.Usage Got.Server Got.Mirror Mariadb.Install Irc.Guide Irc.Chanop Ngircd.Oper Irc.Services Irc.Clients Irc.Easy HostServ.Rules Unrealircd.Install Almanack.TheloungeWebircClient Znc.Install Znc.Chroot ZNC.Admin ZNC.Support Openbsd.ZNCModules Znc.Patch Znc.Usage Znc.Relayd Znc.I18n ZNC.Troubleshoot Znc.Debug Debate.Zncdefense Debate.Zncflaws Soju.Install Psybnc.Install Openbsd.Ilines Ambassador.Ilines Debate.Ircv3defense Identd.Configure Oidentd.Install Oidentd.ZNC Oidentd.Changeident Openbsd.Ii Openbsd.Sic Ngircd.Install Ngircd.Link Ngircd.Ssl Ngircd.Sins Ngircd.Loginconf Hopm.Install Openbsd.Acopm Hopm.Telnet Openbsd.Hopm-NowWithInit Hunchentoot.Install Achurch.Install Anope.Install Atheme.Install Pylink.Install Pylink.Chroot Bitlbee.Install Openbsd.Matterbridge Eggdrop193.Install Eggdrop191.Install Openbsd.Tcltls Eggdrop184.Install Eggdrop.Nickserv Wraith.Chroot Openbsd.Wraith Openbsd.Biblebot Botnow.Install Openbsd.Ircrelayd Category.Perl Openbsd.CPAN Unix101.Unix101 Unix101.Wechall C101.C101 Debate.WhyNotC Almanack.C C.Cprimer Openbsd.Vi Openbsd.Mg Openbsd.Ed Emacs.Emacs Opensmtpd.Configure Openbsd.Opensmtpd-relay Openbsd.Opensmtpd-2 Openbsd.Mailopenproxy Opensmtpd.Troubleshoot Opensmtpd.Openrelay Opensmtpd.Test AdvancedMailServer.Install Rspamd.Configure Opensmtpd.Inbox Dovecot.Install Mlmmj.Install Mlmmj-archivist.Install Mutt.Connect Openbsd.Fdm Openbsd.Newdisk Fdisk.Usage Openbsd.Disklabel Openbsd.Growfs Openbsd.Pkg Openbsd.Ports Pkgadd.CheckUpdates Almanack.SystemStatsSh Doas.Configure Syspatch.Syspatch Openbsd.Cron Rcctl.Rcctl Openbsd.Adduser Openbsd.Localtime Dd.Iso Dd.Usage Ln.Intro Tmux.Config Tmux.Share Openbsd.XTerm Openbsd.Backups Openbsd.Dump Openbsd.Restore Openrsync.Usage Rsync.Usage Openbsd.Dmesg Atactl.Usage Almanack.DumpBackupWithSCP Openbsd.Fstab Newfs.Usage Mount.Usage Openbsd.Iplookup Openbsd.Hier Openbsd.Base64 Openbsd.Uim Crontab.Edit Ps.Usage Kill.Usage Vi.Intro Cron.Suppressmail Openbsd.Vipw Tar.Usage Openbsd.Rcctl Syslogd.Configure Syslogd.Remote Openbsd.Panic Openbsd.Sysctl Swapctl.Usage Ffs.Intro Softraid.Install Softraid.Rebuild Disklabel.Usage Disklabel.Partitioning Ksh.Bash Ksh.Redirection Ksh.Autocomplete Shell.Limits Shell.Cronjobs Openbsd.Outofmemory Ln.Shell Openbsd.Freeciv Openbsd.Openttd Olympics.Games Chess.Reading Chess.Chessgogi Chess.Tournament Chess.Limitsbot Fics.Install Fics.Admin Math.Reading Shelllabs.Intro Shelllabs.Reading Shelllabs.Quotes Shelllabs.Manifesto Camping.Gear Openbsd.Minetest Minetest.Addingarenas Minetest.Serverlocations Minetest.Texturestyle Minetest.Updating Minetest.Worldbackup Texlive.Install Texlive.Sinhala Asterisk.Install Sox.Concat Openbsd.Ffmpeg Parec.Record Openbsd.Recordaudio Ffmpeg.Recordscreen Leafnode.Install Webnews.Install Gazette.Gazette Openbsd.INN Openbsd.Gopher Openbsd.Gophernicus Openbsd.Geomyidae Bucky.Install Prosody.Install Biboumi.Install Gomuks.Install Akkoma.Install Openbsd.Misc ISCABBS.ISCABBS Hosting.Hosting Hosting.Providers Hosting.Requirements Openbsd.Security Chroot.Intro Password.Management MITM.Intro Openbsd.Phishing Password.Hashes Password.Schemes Password.Words Openbsd.Dos Openbsd.Spam Openbsd.0days Openbsd.Rootkits Pledge.Intro Unveil.Intro Openbsd.Databaseperms Openbsd.Secureweb Openbsd.Trust Openbsd.Defaultdeny Openbsd.Loginconf Openbsd.Ids Openbsd.Setuid Openbsd.Sa Openbsd.Quota Openbsd.Shell Police.Intro Police.Fingerprints Openbsd.FilePermissions Openbsd.Oath-toolkit Doxing.Defense Team.Security Sheriff.Intro Openbsd.Xenodm Xfce.Install Fvwm.Configure Xdefaults.Configure Synclient.Configure Cwm.Configure TigerVNC.Install TigerVNC.SSH Wsconsctl.Usage Fdroid.Install 9.9 9.Shell 9.Install 9.Partdisk 9.Plan9ini 9.Links 9.Shocase 9.Rcpu 9.Drawterm 9.JSDrawterm 9.101 9.Bootcamp 9.9paste 9.Independent 9.Cheatsheet 9.Sysupdate 9.Packages Rio.Customize 9.Chording 9.Ssh 9.Netcat 9.9gridchan 9.Ideas Cloud9p.Roadmap 9.9pideas 9.Audio 9.Irc 9.Date 9.Reading 9.Acmemail 9.Splinternet 9.FNS 9.PKI 9.IP 9.Why9 9.Inter9 9.Ramfs Unix.Reading BSD.Reading Debate.Linuxflaws Unix.Intro Unix.History Unix.Exhibit SIMH.Install Ircnow.Womenstem Relays.Relays Bots.Bots Code.Code Opsofliberty.Bootcamp Civics.Intro Ircnow.Projects Vnc.Vnc WikiTips.WikiTips License.License Ircnow.Ally Ircnow.Victorycores Ircnow.Opsofliberty Ircnow.Pioneer Ircnow.Codeforce Ircnow.Explorer Ircnow.Ranger Ircnow.Settler Ircnow.Sheriff Ircnow.Servers Codeforce.Training Team.Team Openbsd.Buyvm Buyvm.Routedsubnet Openbsd.Dkimproxy Openbsd.Opensmtpd Ircnow.Goals Openbsd.Rbldns : theloungewebircclient daughtersofliberty advancedmailserver dumpbackupwithscp ntpamplification filepermissions serverlocations openforeveryone troubleshooting question2answer disablepassword wifitoethernet firstamendment unboundadblock discriminatory authoritative httpopenproxy systemstatssh resetpassword mailopenproxy delphinusdnsd debianinstall databaseperms bind_resolver configuration squirrelmail startupdream routedsubnet sysupgrade75 texturestyle addingarenas cumulusclips fingerprints sysupgrade69 sysupgrade73 orangepi3lts bindresolver sysupgrade68 publicdomain recordscreen acceleration checkupdates requirements suppressmail sysupgrade70 autocomplete sysupgrade74 partitioning sysupgrade72 constitution independence applications sysupgrade71 opsofliberty ircv3defense matterbridge victorycores cryptography encryptfile netizenship hunchentoot defaultdeny ellisisland drawtermssh simpletable changeident screenshare sshbackdoor splinternet roadmap2023 nowwithinit roadmap2021 opportunity outofmemory redirection masterslave declaration recordaudio roadmap2022 independent letsencrypt gophernicus myipaddress illustrated authorities certificate pkglocatedb worldbackup imagemagick themselves filesystem sourceaddr dueprocess beaglebone jsdrawterm management homerouter milestones blacklists temperance registrars rebuilding hostnameif cheatsheet ambassador federation tournament brainstorm oscommerce status2022 supermicro linuxflaws bittorrent sitetosite administer dehydrated zncdefense deployment singleuser automation zncmodules networking automating signatures encryption eggdrop193 eggdrop184 unrealircd eggdrop191 factorauth philosophy historical accounting configure httpflood pfbadhost pftesting manifesto shelllabs debugging opensmtpd install67 wordpress openrsync duplicity newconfig myaddress addresses roundcube autorenew wikistyle simpleurl openhttpd openrelay archivist disklabel ircrelayd localtime loginconf install75 install74 install73 chessgogi install71 install70 limitsbot install69 install68 customize detection documents womenstem procedure religious intrusion homestead xdefaults minutemin synclient selfadmin questions madeonirc universal education rulebylaw hierarchy codeforce passwords sysupdate 9gridchan geomyidae fediverse providers hardening secureweb upgrade67 wsconsctl dkimproxy devuaniso debianiso frugality languages challenge utilities reinstall phishing services security bootcamp networks showcase hostserv udpflood almanack rstflood acmemail chording synflood packages partdisk licenses tigervnc biblebot zonefile projects software progress accounts category ipv6rdns policing nickserv rootkits wikitips plan9ini binaries overview zncflaws ipv4rdns touchpad torsocks bouncers ackflood optimize syspatch flashing dokuwiki webpanel iplookup dhclient ifconfig changing bootconf pfstable identify religion training minetest updating asterisk leafnode tlsmulti explorer softraid congress announce pastebin creating cronjobs symlinks olympics chrooted transfer articles symbolic machines sortable sysadmin firewall netmasks industry torrents blocking balances dovecot inboxed openbsd hosting getting schemes freedom adduser restore backups newdisk connect clients virtual pkg_add servers sinhala oidentd anycast achurch texlive without 6in4nat bitlbee iscabbs wechall whynotc unix101 cprimer biboumi editors gazette webnews sockets prosody channel privacy justice cloud9p welcome 9pideas exhibit history reading patriot dogfood pioneer settler lessons sheriff shocase mailing toolkit desktop android newdeal windows syslogd swapctl central chinese markets metrics signals sending crontab editing camping icecast freeciv openttd digital science openssh anoncvs version control replace ikiwiki proxies ramdisk freedns website rbldnsd expired easyapp mariadb support signify signing caching openssl tcpdump routing ircnow ffmpeg psybnc ranger debate 9paste verify netcat netpgp quotes target atactl fdroid wraith civics attack concat inter9 sndiod vorbis dnssec rspamd packet doxing relays police denial medals growfs armory middle pylink donate hashes rights atheme vhosts filter setuid botnow border pkgadd tcltls unveil pledge quotas become social ilines shells ngircd xenodm telnet akkoma gomuks matrix static paster acmesh chanop united cvsweb access higher ubuntu keygen create alpine nodejs stagit mirror gotweb pmwiki irc101 hidden guides fluxbb sysctl checks kernel remote censor emails base64 intro buyvm goals usage union mouse books ramfs npppd dhcpd pppoe mlmmj emacs parec dmarc fdisk rcctl abuse xterm panic fiche radio rules newfs dmesg mount manna cabin ports bsdrd onovh games labor bucky tcpip vmctl acopm trust anope 0days title ifend latex media repos video ethic using users pipes width class certs honor party young ipsec wheel metal false layer disks setup fics soju hopm hope sins imap ssdp fqdn bare gear math bgpd i18n dell ddos mode bncs vipw java ipmi ntpd bash kill cpan h5ai perl cgit keys sshd iked oper vpns tmux doas ftpd sftp totp skey mutt mgmt mitm rcpu misc ally apps team oath fvwm duty fork bill xfce poor bots why9 simh chat room ircs call good docs fast sudo korn vmm 100 bbb old run spf org ksh sox fdm ids uim vps cwm fns pki ffs gpl inn sic mta sip 3rd usb 2fa www php gpg ii v2
+Openhttpd.Tls:1731552581: Tls.Intro Openhttpd.Configure Acme-client.Configure Relayd.Acceleration Rcctl.Usage Ps.Usage Kill.Usage Openssl.Http Netcat.Http Telnet.Http Openhttpd.Website Crontab.Edit Pf.Guide : ewnsmtewhhcnmjqxmte0mdaznju3whcnmjuwmjeymdaznju2wjafmr0wgwydvqqd miicfjaobgnvhq8baf8ebamcbaawhqydvr0lbbywfayikwybbquhawegccsgaquf exrqcm11lmhvc3quaxjjbm93lm9yzzccaiiwdqyjkozihvcnaqebbqadggipadcc lmlyy25vdy5vcmcwewydvr0gbawwcjaibgzngqwbagewggegbgorbgeeadz5agqc agocggibanuladdkipvsvq4lpmsymfhbnqt7exv3lrmzq6yvqzwplod1wkhnxfhg aoyxahr0cdovl3ixms5plmxlbmnylm9yzy8whwydvr0rbbgwfoiuanjtds5ob3n0 staibggrbgefbqcwayywahr0cdovl3ixms5vlmxlbmnylm9yzzajbggrbgefbqcw mb8ga1udiwqymbaafmxprqtq9mpaemyvxc2wxpivjuo5mfcgccsgaqufbwebbesw mdmxczajbgnvbaytalvtmrywfaydvqqkew1mzxqncybfbmnyexb0mqwwcgydvqqd xccisxo0zh4mczanbgkqhkig9w0baqsfaaocaqeapjlhmafd1begi5lxzicgqrdm 9d4icx7vkeigxljrxtgbohflkpzedispqdwkqx1gmewlxrw65a71ur81ajeytjje ixowgeb1kxtgeqkhm4cyywblkidnoeompsrg3usofhs1easdf6io42brmhkilajl rw9xjef4rvpwdvaarsc8xdzy95cw86eciqclsxo2bqi9coah2trzv3gxq0lnen9r jccbokgawibagisbbismyi1jcgngriqsynjgynama0gcsqgsib3dqebcwua ozkhle3d61jruhuz4vep053pnxi8yldrd6jedniaqbajlgjapd1p3sfy0vl lth3lm9pwrfbc0rlipaxkkgauvsohbh7sbvumdiwcmyfdohcbrqgw6edtk 8lkkvpbqxkarejnafb0cv29seqe2rtbwzot8rt6msfn59b07o7m4pxqhs 3csgdn7ozeqqs6pbmtgdjk3aiwaunsnlwbdatdwra171lyted2wufdf wqcmaawhqydvr0obbyefaveged5j7eod57c69ksudivdq7m alwvta0tnea2jo5zmoq7nypo7awpri48xndofysb7gk qkfwlwossimnl8yj7sy6hcvegwqhmkviggypniky ct3clhdkfkwcngex4vkrqwlzef43mj9cqf3g3v ohw9lplpvpgnfnsrax7kwb0lt3zsw7caaaazmo thqrpba3i0nowfdq367ap8kr4ciaaagtke iuflfnzr1a5zfjxs4dlfqvu8nuqwqd3g5j awhaqbd0ihqsssyplxfehagmbaagjggia nh1glyzjlktnsc31rkjjlbbjwnptfwih a3ydn63qlziwjfp1gaczzcyuj7a2navx ml9s99vnq91hxta1j4eywtqcng4uwyz kewaabamasdbgaiea5nosfba3gtmc nxwr0jj2lrf1iuqqjdujwadeudk9o haruihdi26bret1mxm9nfsyza20 bih3bih0apiadwdpevbu1s58r 0tq7zo1jtjhsxvip4pb1zpuwg wje5eu425hkitggdnhf65au8b 6bk3rzetskk8kndkiv7oxl9kd yxce6abvdz3jqzt00svo1uf 1npyshizvn1obqf3knh1jm tls_aes_256_gcm_sha384 kpbcgfcmi8qwftjotiz4 uaodp0degqhxyyqursgp tiltedwindmillpress t6ozaaaeawbimeyciqd hucr3crspwuabyswkgh ahcae0rfgrwyqgl4dg guwzlffh844aoudj3 bwmcmawga1udeweb sp5ctpzw5lykaqc kes6yxtxod7l1av troubleshooting ao13keuclbtne5 renegotiation accessibility configuration automatically acceleration representing certificates zoeucba3zash successfully request_uri compression information configuring unfj3vrpajq t4oiz3lkjey uncommented restrictive significant connections description 1731552214 production jnns0fxsnl automation negotiated configured confronted optionally forwarding directory connected expansion fullchain challenge otherwise explained supported indicates forbidden openhttpd http_host processes plaintext establish listening requested recommend reloading countries important handshake beginning downtime browsers prohibit contains examples requests protocol allowing b1bugk7y searches location security internet in7rwkck s_client automate 00000003 hostname research normally sections rulesets template incoming blocking firewall properly deviate changed running openssl working testing listing certain reasons killing stopped leaving because openbsd improve however already provide private keypair igggxo3 encrypt specify subject correct replace renewal crontab invalid expires address padlock website putting assumes helpful mastery reloads seconds renewed cronjob session timeout written cipher server should random public secure return actual issuer unable allows folder telnet modern netcat enable relayd ensure x25519 output number guides bottom errors ignore verify result suffix domain attach intro about pgrep https bytes usage depth first avoid hhklh oenkw rcctl visit names which start certs users needs check using sleep group sslv3 quick pfctl tlsv1 point after above title these below strip known leave lines index tells paths codes shows later doas will acme root note your this also none does each with like edit once isrg that have from more view then miif only such look hard mean here kprs well days must some been made many 7200 used pass want alpn 4096 best 3645 fine make ecdh were plan wait good into idea bits may ctx get see 403 two org 443 tcp 300 302 www let png did bar yet log var pem p9n ips crt r11 but has 386 253 say 80 90
+Almanack.AdvancedMailServerSetup:1731551299: Openbsd.Loginconf Openbsd.Rcctl Dns.Overview Nsd.Configure DNS.Mail Opensmtpd.Openrelay Opensmtpd.Troubleshoot : h5itbhzs73t4jshaj9yx6tf63yrataqugbxocx67wyekhch4zqiod6lkh advancedmailserversetup disable_plaintext_auth auth_verbose_passwords configuration_manual auth_debug_passwords quota_full_tempfail valid_chroot_dirs userdb_quota_rule specificpassword a8d16cd2144222fa misconfiguration 83bd6b3b1669649f ssl_cipher_list troubleshooting _rc_rm_runfile _rc_parse_conf authentication login_greeting info_log_path authenticated automatically mail_location unix_listener dovecot_flags log_timestamp configeration inet_listener instructions check_fcrdns alphanumeric inconsistent installation certificate letsencrypt alternative temporarily credentials information dovecotcert mtaproxy511 configuring permissions verbose_ssl oddprotocol senderscore check_rdns mail_debug optionally _rc_quirks executable publicipv6 california publicipv4 connection translated postmaster reputation characters abnormally submission encryption interfaces assurance debugging firewalls _dkimsign specified protocols directory opensmtpd connected important authcheck separated usernames configure indicates temporary ownership otherwise openrelay loginconf listeners suggested disabling mtaproxy2 addresses forwarded mtaproxy1 openfiles whitelist following recipient euhb95xlq authority receiving confirmed specifies available explained including rearrange supported sunnyvale exploited contains directly multiple properly outbound security _dovecot gigabyte hostname database blowfish generate increase allowing mailname ssl_cert doveconf rc_check _rc_wait rc_start requires received starting loopback complete checking required virtuals fallback matching replaced poolporg starttls programs sections receives settings packages cap_mkdb explains prompted s_client variable selector overview transfer 00000003 digicert delivery enabling messages yahoodns possible examplee outgoing filtered hundreds ifconfig response provider mail_uid almanack mail_gid default instead signing warning maillog allowed network nothing missing returns openssl private records specify happens running defines express sending smtpctl openbsd defined earlier located filters reverse service entries finally because without correct working relayed dropped aliases domains trusted actions packets blocked already limited pkg_add contact spammer buypass account privkey webmail version written readmes managed request labeled dealing further related folders maildir staging useradd mistake nologin dhparam suppose storage rebuild libexec offline special ssl_key include logging symptom similar timeout passing showing intend passwd egress checks second vusers trying rspamd ircnow letter tables inside errors choose handle smptpd fourth should gssapi emails extras driver strict webirc listed static socket macros please delete create signed change finish passdb scheme script blocks ssl_dh length mailto issues marked unable _smtpd result single source victim forgot headed handed adding exists verify entire failed forced spaces decide aiyngk actual denied answer enable remove turned reason header github linked daemon secure having before exited phase mtree admin https being least group often esmtp chown these hosts chmod reply first entry those whose daily about rcctl child state below known apply rules route fruit guide 16h2s field using depth local queue enter spool smtps value lines shows which tells pairs might point vmail offer colon avoid delay ports basic 39035 store evpid where chain imaps write fatal fails pages doing empty order since sslv2 share again _mail owned begin test4 class from best just lmtp doas rcpt wiki each need also want will 4096 2001 real your this into goes good that must 8192 help have used many sbin than sure make note tabs sent more jrmu euid egid done only 1003 mode 0750 last proc when junk find mask been case logs such high sha2 oath pony part else plus mta5 mta7 2605 6400 mta6 easy free lost like s843 says bind vio0 mean ctrl same does quit type hash much sets safe anti 1024 0600 stop them sha1 pop3 args home keep acme keys both book 2023 disk they some next what txt etc blf 168 url rwx src v02 jan yes see may can due pki 465 too fix pem 587 via crt nsd 451 8p0 770 440 650 ips 5p2 am0 www 220 bnc ne1 250 vps 195 but get usr lo0 204 vip bf1 228 106 5bf 395 119 251 198 104 gq1 993 143 15s way 127 new 518 231 125 db8 doc 1v0 max 80 37 17 41 my 29 57 34 mx 2b 1g 55 47 33
+Adminforces.Training:1731551165: Openbsd.Intro Doas.Configure Syspatch.Syspatch FwUpdate.Usage Openbsd.Pkg Ircnow.Howtoask Lists.Ircnow Freedom.Fork Chroot.Intro Openhttpd.Configure Telnet.Http Netcat.Http Tls.Intro Tls.San Acme-client.Configure Openhttpd.Tls Openssl.Http Openssl.Cert Openhttpd.Website Openhttpd.Hosting Openbsd.Httpopenproxy Openbsd.Chroot Openhttpd.Perl Slowcgi.Usage Freedom.Selfadmin Netcat.Irc Netcat.Usage Openbsd.Rcctl Openbsd.Ed Tar.Usage Ksh.Editor Ksh.History Crontab.Edit Openbsd.Adduser Group.Usage Openbsd.Localtime Dd.Iso Ln.Intro Openbsd.Fstab Dmesg.Usage Openbsd.Hier Top.Usage Ps.Usage Renice.Usage Fstat.Usage Fuser.Usage Kill.Usage Openbsd.Panic Openbsd.Loginconf Openbsd.Sysctl Swapctl.Usage Openbsd.Outofmemory Atactl.Usage Acct.Accton Openbsd.Vipw Freedom.Firstamendment Ircnow.Dogfood Freedom.Software Relayd.Acceleration Relayd.TLSMulti Freedom.Religion Tcpip.Overview IPv4.Overview IPv6.Overview Tcpip.Sockets Ip.Netmask Tcpip.Ports IP.Myaddress Tcpbench.Usage Openbsd.Ping Traceroute.Usage Openbsd.Dig Adminforces.Ifconfig Ifconfig.Change Hostnameif.Static Hostnameif.Autoconf Ifstated.Configure Arp.Usage Ndp.Usage Resolv.Conf- Resolvd.Usage Route.Usage Route.Hostnameif Netstat.Usage Route.Sourceaddr Ifconfig.Hostap Hostapd.Configure Freedom.Openforeveryone Pf.Configure Pf.Guide Pf.Nat Pf.Whitelisting Pf.Debugging Pf.Rdr-to Pf.TrafficShaping Pf.Pflog Pf.Authpf Pf.Testing Pf.Nat64 Pf.Ftp-proxy Pf.Dmz Openbsd.Ddos Openbsd.Tcpdump Openbsd.SSDP Openbsd.ACKFlood Openbsd.RSTFlood Openbsd.UDPFlood Openbsd.Amplification Openbsd.PFStable Openbsd.PFTesting Openbsd.Pf Pfctl.Usage Ifconfig.Wifi Ifconfig.Wifitoethernet Ifconfig.Bridge Ifconfig.Vlan Ifconfig.Veb Ifconfig.Vether Ifconfig.Carp Ifconfig.Gre Ifconfig.Mgre Ifconfig.Egre Ifconfig.Eoip Ifconfig.Etherip Ifconfig.Vxlan Ifconfig.Mpe Ifconfig.Mpip Ifconfig.Mpw Ifconfig.Bpe Ifconfig.Pppoe Ifconfig.Sppp Ifconfig.Tpmr Ifconfig.Trunk Ifconfig.Aggr Ifconfig.Urndis Ifconfig.Pflow Ifconfig.Pfsync Gre.6in4vmm Gre.6in4 Gre.4in6 Ifconfig.Wg Ifconfig.Tap Ifconfig.Tun Dns.Overview Unwind.Configure Unbound.Configure Unbound.Dnssec- Dig.Usage Host.Usage Hostname.Usage Hosts.Configure Netizen.Become Netizen.Rights Dns.Records Dns.Registrars Dns.FQDN Nsd.Configure Dns.Zonefile Nsd.Zone Nsd.Masterslave Nsd.Troubleshoot DNS.RDNS DNS.Ipv4rDNS DNS.Ipv6rDNS Freedom.Unix Dns.Vhost Identd.Configure Freedom.Federation Opensmtpd.Maildir DNS.Mail DNS.SPF DNS.DKIM DNS.DMARC Netcat.SMTP Opensmtpd.Test Opensmtpd.Inbox Opensmtpd.Openrelay Smtp.Usage Spamd.Configure Opensmtpd.Aliases Snmpd.Configure Snmp.Configure Sensorsd.Configure Ldapd.Configure Servers.Rights Minutemin.Code Minutemin.Duty Cvsweb.Restore Got.Usage Got.Repo Got.Server Got.Mirror Gotweb.Install Minutemin.Server Openbsd.Dump Openrsync.Usage Openbsd.Fdisk Openbsd.Disklabel Disklabel.Partitioning Newfs.Usage Mount.Usage Openbsd.Newdisk Mfs.Usage Ffs.Intro Fsck.Usage Openbsd.Quota Openbsd.Growfs Softraid.Install Softraid.Rebuild Exports.Configure Nfsd.Configure MountNfs.Usage Mountd.Configure Ftpd.Configure Tftpd.Configure Sed.Usage Awk.Usage Roff.Usage Ksh.Intro Perl101.Perl101 Vmm.Intro Vmctl.Usage Cu.Usage Vmctl.Newdisk Vmctl.Reinstall Vmm.Install Openbsd.Install Openbsd.Upgrade Openbsd.Sysupgrade Vmm.Sysupgrade Sysmerge.Usage Openbsd.Bsdrd Openbsd.Singleuser OpenBSD.ResetPassword Openbsd.Autoinstall Vmm.Configure Hosting.Providers Dhcpd.Configure Rad.Configure Slaacd.Configure Openbsd.Diskless Rc.Conf Syslogd.Configure Syslogd.Remote Newsyslog.Configure Sendbug.Usage Openbsd.Mail Freedom.Independence Ircnow.Constitution Freedom.Union Freedom.Privacy Freedom.Homestead Freedom.Madeonirc Freedom.Startupdream Freedom.Dueprocess Freedom.Checks Freedom.Rulebylaw Openbsd.Ports Pkgadd.CheckUpdates- Ntpd.Configure Abuse.Intro Team.Security Password.Management Openssl.Encryptfile Signify.Verify Shell.Limits Openbsd.FilePermissions Pledge.Intro Unveil.Intro Openbsd.Setuid Security.Usage Vlan.Configure Pair.Configure Veb.Configure Bridge.Configure Nat.Configure Route.Static Ripd.Configure Route6d.Configure Ospfd.Configure Bgpd.Configure Dvmrpd.Configure Mrouted.Configure Npppd.Configure Dhcpleased.Configure Iked.Sitetosite Iked.Sitetositevmm Iked.Roadwarrior Iked.Roadwarriorvmm Vpn.Vpn Vpn.Myipaddress Iked.Binat Sshd.Configure Ssh.Fingerprints Ssh.Agent OpenSSH.Connect OpenSSH.Keygen Openbsd.Sshkeys Openbsd.Sshbackdoor Sftp.Chroot Sshd.Chroot Openrsync.Chroot Openbsd.Books Unix.Reading Team.Welcome Team.Testing Team.Announce : responsibilities openforeveryone troubleshooting filepermissions administration roadwarriorvmm firstamendment wifitoethernet advertisements trafficshaping sitetositevmm automatically httpopenproxy miscellaneous resetpassword amplification investigation announcements configuration checkupdates independence whitelisting fingerprints acceleration constitution startupdream applications partitioning introduction packetfilter autoinstall description simpletable filesystems configuring encryptfile masterslave alternative environment adminforces consistency outofmemory myipaddress declaration sshbackdoor information synchronize recommended throughput traceroute hostnameif registrars management understand blacklists restricted networking partitions sysupgrade singleuser dogfooding federation operations techniques dueprocess sourceaddr dhcpleased nameserver validating unattended processing rebuilding installing hypervisor resolution interface passwords configure openhttpd opensmtpd loginconf openrelay processes debugging criminals pftesting hierarchy procedure minutemin myaddress openrsync benchmark discovery addresses selfadmin religious wireguard localtime multicast madeonirc scripting mount_nfs questions disklabel homestead rulebylaw newsyslog webserver fw_update jumpstart construct providers reinstall software protocol ifstated sensorsd security overview diskless autoconf ifconfig tcpbench webpages softraid changing database religion tlsmulti operator neighbor commands syspatch fwupdate howtoask rulesets firmware downtime emulator training terminal firewall sortable pfstable udpflood rstflood ackflood wireless resolver packages generate securely sysmerge netmasks ipv6rdns ipv4rdns services zonefile rotation binaries balances mountnfs phishing insecure resource archives multiple symbolic stopping addusers openbsd freedom control getting pkg_add privacy inboxed servers perl101 openssl reading signify records updated channel sshkeys prevent sending restore aliases version virtual machine etherip further openssh reverse logging mrouted routing netizen syslogd hosting proxies sendbug exports acquire route6d account newdisk ramdisk 6in4vmm domains connect setting clients unbound maildir mailing emulate caching backups storage netstat closing bouncer resolvd slowcgi dealing swapctl hostapd sockets website liberty editing tcpdump crontab history default execute classes chroots monitor packets signals defense against attacks welcome display message subject request panics growfs lesson kernel reward rights civics cvsweb netcat extend buffer recite pkgadd gotweb create mirror groups checks identd status report renice unveil editor mountd verify limits telnet choose pledge setuid slaacd daemon ircnow quotas router bridge inside keygen serial border static repair dvmrpd remote access change united bootup become lookup tunnel pseudo device unwind sysctl behind points routes dnssec atactl accton relayd basics vether defend sample urndis pfsync authpf origin vhosts folder custom letter speech usage agent rcctl vxlan abuse topic pflow offer pppoe trunk shell avoid dmarc learn leaks books vmctl guide ldapd snmpd bsdrd spamd after ospfd binat npppd pflog nat64 ipsec tcpip dhcpd tftpd union pfctl newfs fdisk parts fuser dmesg audit title clone width space error honor setup based about press using links image email write types ethic apply block paths show with ddos carp unix week ssdp iked fqdn kill mgre team vipw vpns vlan bgpd ripd code dkim aggr sftp mpip what egre eoip fork sshd sppp your tpmr doas acme cert 4in6 from duty hard save fsck fast ntpd roff text bill good mode nfsd into keep tree tape mfs veb ndp 100 vps cpu dig usb ksh awk mpe mpw oom nsd dmz san rdr ffs bpe fix git wg
+Kill.Usage:1731551125: Ps.Usage : including processes example warning caution matches replace openbsd server string intend actual pkill title using httpd safer usage https first doas with will that find then name pid man not web org use you did for its any to by 1
+Ps.Usage:1731550850: Rcctl.Usage Kill.Usage : representing information processes actually running stopped openbsd example command killing active useful double server should daemon guides output number system ensure rcctl usage check httpd https pgrep title lists below used this have been with see the you org can has web aux if no 1
+Acme-client.Configure:1731549475: Tls.Intro Openhttpd.Configure Dns.Overview Telnet.Http Netcat.Http Host.Usage Dig.Usage Tls.San Relayd.Acceleration Crontab.Edit Nsd.Troubleshoot Openssl.Http : ororkotwrtvdrb3tflusx4rbar1bljalivx5i 04189299823525c8271ab890b189e381835a troubleshooting configuration misconfigured authoritative automatically certificates 429811085347 acceleration 322888040587 configuring letsencrypt blacklisted directories functioning alternative recommended permissions authorities simpletable requesting encryption 2055551047 forgetting automation appearance expiration nameserver recognized complicate continuing censorship validating beneficial dangerous authority directory fullchain generated otherwise challenge beginning important dochngreq encounter following something directive diversity openhttpd documents listening incorrect mentioned encrypted plaintext enforcing indicates searches properly rejected finished overview accepted purposes remember consider hostname provider browsers examples although computer sortable possible practice requests provided response tutorial security existent complain contains internet majority includes controls provides finalize template nxdomain automate location solution openbsd replace testing private crontab created process running success signing handful serving several subject renewed comment warning another cronjob default privkey domains account buypass defines contact staging openssl improve keeping defined usually records looking missing problem address exactly netproc keypair similar follows earlier invalid unknown already creates putting special message nothing changes however because meaning started trusted network assumes someday realize succeed clients analyze servers prevent before errors secure netcat telnet should either double number exists limits please common reason unable output single blocks public lastly cannot relayd remove depend having inside suffix ignore folder issues signed status mailto backup kca9eq daemon border delete random expire bottom causes ensure strict token using https ctzxk point there doesn needs guide wheel 58463 usage later where check after certs while avoid authz fails delay tells which speak these hours short title again found first codes match paths added types drwxr below email lines index would intro could width class test4 since fewer being every have acme they make like 3a2c with your that such only 5624 less doas file 85c7 aaaa self 4700 2606 many must this docs will note next each f53d user exit fake same days both 3272 root edit copy 4797 more once stop time then also want case else says hard plan ipv4 upon well ipv6 most html 2800 used 1893 1946 bad are url web tls dns non see var nsd dig www log set crt san has ips 443 100 216 512 248 220 bak oct but was 184 won pem may too api v02 don feb 180 rsa 172 of by 07 cp go v3 65 fv mv 01
+Tls.San:1731548251: Acme-client.Configure : configuration specification certificates alternative recommended validation different hostnames extension configure important possible multiple wildcard together provide example instead subject because warning service openbsd webmail however specify keeping grouped handful common client number issues beyond server single better unable suited could email would using while title fewer https might since doesn match sense acme that fine many file have fail with make this more used will same wiki then all tls for www can too org san you ssl 509 are its of by as 1
+Almanack.SystemStatsSh:1731547796: : systemstatssh recommended utilization currently expensive connected nastycode processes questions regarding splinter almanack detailed support channel netstat fimstvz vmstat enable server sbin19 mailto please logins memory script uptime author email total print xargs usage about shell ports tells flood cause disk echo help have date most free open hope head some list auxf this last tech join come feel path home root unix your need any irc tcp may and udp but awk usr who for top 11 10 ps df 3 4
+Almanack.DumpBackupWithSCP:1731547772: : backup_destination dumpbackupwithscp localbackup frustration nastycode uploading patiently directory partition extension deleteing sysadmin creating splinter complete starting solution directoy requires hostname password puttygen location security almanack command current openbsd working private concern curremt reading channel openssh partnaz without storage support author weekly server please script backed remote sbin19 mailto public folder screen custom copies shell files mkdir needs least x11r6 going thing crime title posts above using which begin setup paste store hours doas home note date from echo pair your root when size keys copy bkup calm keep this take will like save ofen join made wish path tech unix bash free that into text can run vps the dmp var use for its usr tmp get src irc obj df cd by rm 0
+Roundcube.RecentChanges:1731490725: : recentchanges roundcube splinter install 13t03 2024 24z 11 34 by
Almanack.SetupMailServer:1731470836: : ssl_prefer_server_ciphers alertphishingsslmismatch allow_username_mismatch whitelist_sender_domain pop3_fast_size_lookups alertencryptedarchive pop3_no_flag_updates temporarydirectory alertphishingcloak alertencrypteddoc wl_sender_domain ssl_min_protocol pop3_uidl_format symbols_enabled scan_mime_parts scan_image_mime setupmailserver alertole2macros ssl_cipher_list login_greeting misclassifying authentication databasemirror unixsocketperm sign_networks inet_listener configuration automatically unix_listener mail_location communication circumstances unfortunately authenticated skip_process combinations dkim_signing restrictions 1amapassw0rd preparations maxrecursion certificates customizable wl_antivirus whitelisting introduction localforward misbehaving environment notifyclamd dkim_signed effectively furthermore connections alternative letsencrypt assumptions comfortable logfacility attachments greylisting localsocket information configuring management bruteforce containing accessible submission completely maxclients especially hostmaster configured postmaster disconnect redirected log_daemon identifies clam_virus installing legitimate forwarding definition connecting encryption _domainkey reconsider quarantine additional particular challenges mailboxes addresses localhost opensmtpd interface depending _dkimsign necessary following passwords trainable debugging sign_only sign_auth recipient doesn’t providing available transport disabling mail_home attackers rejecting therefore positives groceries freshclam protocols authority listening detection confident logsyslog no_fcrdns including tcpsocket detectpua openfiles preferred fullchain negatives exception recommend signature instance whenever _dovecot hostname multimap ssl_cert removing packages blocking virtuals required generate settings contains actually commands requests almanack examples provider supports there… internet scanning selector overhead creating outgoing provides tweaking increase messages handling teaching describe outbound detected purposes fighting incoming limiting probably delivers you’ve silently software received although catching requires services manually overload attempts firewall building together strength accepted failures addbrute original guessing mailname aliases no_rdns logtime restart ssl_key options timeout running warning equally blocked don’t trusted private smtpctl tcpaddr _clamav daemons privkey allowed staging account problem attacks include lessons entries similar without testing started expires malware persist traffic packets renewed dropped defined opening through storage replace servers loading modules monitor improve domains doveadm instead correct listens scanner comment won’t easiest destroy logging general maillog default content browser readded another reached suggest between anymore machine sockets _rspamd usermod arrives systems perform handles folders nologin because let’s openssl primary openbsd finally useradd lengthy pkg_add already handful locally script pubout readme common extend create ignore minute bypass filter beware should santas passwd action static extras writer userdb driver shield rather public before expiry hosted matter either ssl_dh dh4096 import export passdb blocks scheme remove pieces during affect egress needed highly _smtpd rs_cl_ prefix chance number _redis around member notice adding memory sooner genrsa checks helper little higher stores source faster second failed facing it’s change pubkey called answer stored logged points always simple longer result suited course plenty guides beside parser first quick those rates chmod after vmail about names muser rcctl dbdir small known dkim1 above lines email clear least speed later could chgrp nuser these pgrep using cases leave found phase under every users radar fetch while posts https needs abuse valid which smtps types agent might right share chown pfctl httpd rules today cover flush value mkdir score strip group owner level touch adapt false order apply until flags daily stays makes enull 11334 anull tlsv1 gives scans stats below lucky hosts issue quite comes based cname punch relay pop3s named study trick knows three alone happy basic keeps shady want from done sure such that ipv4 both your next some whom ipv6 exec this doas path into used mbox rcpt echo find best lmtp args krsa kdhd 3des away 0600 will mode text must hard disk just have gets left many 020a sbin 2001 c000 down 0750 1024 2048 same them good spf1 zone well like aaaa tune take care acme page 0640 deal land they fill wild root dump 3310 kind what save free huge site easy feel link five tell even than show most 020b true 0440 once slow hold ssh var web yes put few its far 587 550 fly crt pki src 10m try but 127 lo0 192 usr db8 rrs too txt 770 may rwx bag 128 tmp org api v02 url pem 110 due blf adh rc4 psk md5 995 gid dss got fit srp mx my mv
-Acme-client.Configure:1731469322: Tls.Intro Openhttpd.Configure Dns.Overview Telnet.Http Netcat.Http Host.Usage Dig.Usage Tls.San Crontab.Edit Nsd.Troubleshoot Openssl.Http : uwhzmqhx6nepcv25levodmaeymb1gutfvtyktvzkjgs 03f7fd846802cb0689c2bbd7b6f5e89eb66b troubleshooting misconfigured configuration automatically certificates configuring letsencrypt alternative functioning directories 11133258838 authorities recommended simpletable blacklisted permissions complicate beneficial requesting encryption censorship appearance forgetting recognized automation 8112730231 authority dochngreq directory beginning openhttpd listening encounter incorrect 113861127 otherwise dangerous important replacing diversity following generated challenge documents directive something browsers automate although overview finalize finished security remember provides possible location consider solution complain purposes tutorial requests provider sortable majority internet provided properly response examples nxdomain template official computer practice rejected contains includes hostname private domains buypass defined staging testing created account realize succeed similar privkey invalid contact network someday prevent openbsd defines success servers default records running special message nothing serving replace another address missing signing exactly putting comment warning clients openssl subject crontab started already assumes forward handful keeping whereas trusted process unknown cronjob improve several analyze meaning command renewed working blocks common mailto single public change inside folder errors exists before secure having limits remove issues number should either cannot delete unable random please causes lastly double daemon signed border reason telnet netcat result bottom strict depend status expire output https check authz names token index under after class could usage intro guide since width tests while drwxr using avoid there added chain which wheel fails certs needs tells again below point match first these speak found title short email being would every test4 delay hours acme ipv6 will with doas both your this ipv4 make 2606 2800 sure _ui3 1893 25c8 more 1946 have want line must note else file next they back copy that such root 3272 4797 docs each edit many once time days stop does then like less upon says fake only also used html user full what most self goes same well tls var fix 512 log www url 100 crt oct are api see dig too nsd dns san web ips won don bak pem 443 v02 has 184 216 220 248 one was 172 rsa but may feb set few 180 by 07 mv v3 34 90 01 cp 65
-Adminforces.Training:1731469150: Openbsd.Intro Doas.Configure Syspatch.Syspatch FwUpdate.Usage Openbsd.Pkg Ircnow.Howtoask Lists.Ircnow Freedom.Fork Chroot.Intro Openhttpd.Configure Telnet.Http Netcat.Http Tls.Intro Tls.San Acme-client.Configure Openhttpd.Tls Openhttpd.Website Openssl.Http Openssl.Cert Openhttpd.Hosting Openbsd.Httpopenproxy Openbsd.Chroot Openhttpd.Perl Slowcgi.Usage Freedom.Selfadmin Netcat.Irc Netcat.Usage Openbsd.Rcctl Openbsd.Ed Tar.Usage Ksh.Editor Ksh.History Crontab.Edit Openbsd.Adduser Group.Usage Openbsd.Localtime Dd.Iso Ln.Intro Openbsd.Fstab Dmesg.Usage Openbsd.Hier Top.Usage Ps.Usage Renice.Usage Fstat.Usage Fuser.Usage Kill.Usage Openbsd.Panic Openbsd.Loginconf Openbsd.Sysctl Swapctl.Usage Openbsd.Outofmemory Atactl.Usage Acct.Accton Openbsd.Vipw Freedom.Firstamendment Ircnow.Dogfood Freedom.Software Relayd.Acceleration Relayd.TLSMulti Freedom.Religion Tcpip.Overview IPv4.Overview IPv6.Overview Tcpip.Sockets Ip.Netmask Tcpip.Ports IP.Myaddress Tcpbench.Usage Openbsd.Ping Traceroute.Usage Openbsd.Dig Adminforces.Ifconfig Ifconfig.Change Hostnameif.Static Hostnameif.Autoconf Ifstated.Configure Arp.Usage Ndp.Usage Resolv.Conf- Resolvd.Usage Route.Usage Route.Hostnameif Netstat.Usage Route.Sourceaddr Ifconfig.Hostap Hostapd.Configure Freedom.Openforeveryone Pf.Configure Pf.Guide Pf.Nat Pf.Whitelisting Pf.Debugging Pf.Rdr-to Pf.TrafficShaping Pf.Pflog Pf.Authpf Pf.Testing Pf.Nat64 Pf.Ftp-proxy Pf.Dmz Openbsd.Ddos Openbsd.Tcpdump Openbsd.SSDP Openbsd.ACKFlood Openbsd.RSTFlood Openbsd.UDPFlood Openbsd.Amplification Openbsd.PFStable Openbsd.PFTesting Openbsd.Pf Pfctl.Usage Ifconfig.Wifi Ifconfig.Wifitoethernet Ifconfig.Bridge Ifconfig.Vlan Ifconfig.Veb Ifconfig.Vether Ifconfig.Carp Ifconfig.Gre Ifconfig.Mgre Ifconfig.Egre Ifconfig.Eoip Ifconfig.Etherip Ifconfig.Vxlan Ifconfig.Mpe Ifconfig.Mpip Ifconfig.Mpw Ifconfig.Bpe Ifconfig.Pppoe Ifconfig.Sppp Ifconfig.Tpmr Ifconfig.Trunk Ifconfig.Aggr Ifconfig.Urndis Ifconfig.Pflow Ifconfig.Pfsync Gre.6in4vmm Gre.6in4 Gre.4in6 Ifconfig.Wg Ifconfig.Tap Ifconfig.Tun Dns.Overview Unwind.Configure Unbound.Configure Unbound.Dnssec- Dig.Usage Host.Usage Hostname.Usage Hosts.Configure Netizen.Become Netizen.Rights Dns.Records Dns.Registrars Dns.FQDN Nsd.Configure Dns.Zonefile Nsd.Zone Nsd.Masterslave Nsd.Troubleshoot DNS.RDNS DNS.Ipv4rDNS DNS.Ipv6rDNS Freedom.Unix Dns.Vhost Identd.Configure Freedom.Federation Opensmtpd.Maildir DNS.Mail DNS.SPF DNS.DKIM DNS.DMARC Netcat.SMTP Opensmtpd.Test Opensmtpd.Inbox Opensmtpd.Openrelay Smtp.Usage Spamd.Configure Opensmtpd.Aliases Snmpd.Configure Snmp.Configure Sensorsd.Configure Ldapd.Configure Servers.Rights Minutemin.Code Minutemin.Duty Cvsweb.Restore Got.Usage Got.Repo Got.Server Got.Mirror Gotweb.Install Minutemin.Server Openbsd.Dump Openrsync.Usage Openbsd.Fdisk Openbsd.Disklabel Disklabel.Partitioning Newfs.Usage Mount.Usage Openbsd.Newdisk Mfs.Usage Ffs.Intro Fsck.Usage Openbsd.Quota Openbsd.Growfs Softraid.Install Softraid.Rebuild Exports.Configure Nfsd.Configure MountNfs.Usage Mountd.Configure Ftpd.Configure Tftpd.Configure Sed.Usage Awk.Usage Roff.Usage Ksh.Intro Perl101.Perl101 Vmm.Intro Vmctl.Usage Cu.Usage Vmctl.Newdisk Vmctl.Reinstall Vmm.Install Openbsd.Install Openbsd.Upgrade Openbsd.Sysupgrade Vmm.Sysupgrade Sysmerge.Usage Openbsd.Bsdrd Openbsd.Singleuser OpenBSD.ResetPassword Openbsd.Autoinstall Vmm.Configure Hosting.Providers Dhcpd.Configure Rad.Configure Slaacd.Configure Openbsd.Diskless Rc.Conf Syslogd.Configure Syslogd.Remote Newsyslog.Configure Sendbug.Usage Openbsd.Mail Freedom.Independence Ircnow.Constitution Freedom.Union Freedom.Privacy Freedom.Homestead Freedom.Madeonirc Freedom.Startupdream Freedom.Dueprocess Freedom.Checks Freedom.Rulebylaw Openbsd.Ports Pkgadd.CheckUpdates- Ntpd.Configure Abuse.Intro Team.Security Password.Management Openssl.Encryptfile Signify.Verify Shell.Limits Openbsd.FilePermissions Pledge.Intro Unveil.Intro Openbsd.Setuid Security.Usage Vlan.Configure Pair.Configure Veb.Configure Bridge.Configure Nat.Configure Route.Static Ripd.Configure Route6d.Configure Ospfd.Configure Bgpd.Configure Dvmrpd.Configure Mrouted.Configure Npppd.Configure Dhcpleased.Configure Iked.Sitetosite Iked.Sitetositevmm Iked.Roadwarrior Iked.Roadwarriorvmm Vpn.Vpn Vpn.Myipaddress Iked.Binat Sshd.Configure Ssh.Fingerprints Ssh.Agent OpenSSH.Connect OpenSSH.Keygen Openbsd.Sshkeys Openbsd.Sshbackdoor Sftp.Chroot Sshd.Chroot Openrsync.Chroot Openbsd.Books Unix.Reading Team.Welcome Team.Testing Team.Announce : responsibilities openforeveryone troubleshooting filepermissions administration roadwarriorvmm firstamendment wifitoethernet advertisements trafficshaping sitetositevmm automatically httpopenproxy miscellaneous resetpassword amplification investigation announcements configuration checkupdates independence fingerprints whitelisting acceleration constitution startupdream applications partitioning introduction packetfilter autoinstall configuring description simpletable filesystems encryptfile masterslave alternative environment adminforces consistency outofmemory myipaddress declaration sshbackdoor information synchronize recommended management registrars traceroute hostnameif understand throughput blacklists restricted networking partitions sysupgrade singleuser dogfooding federation operations techniques dueprocess sourceaddr dhcpleased nameserver validating unattended processing rebuilding installing hypervisor resolution interface passwords configure openhttpd opensmtpd loginconf openrelay processes debugging criminals pftesting hierarchy procedure minutemin myaddress openrsync benchmark discovery addresses multicast selfadmin religious wireguard localtime scripting questions mount_nfs disklabel homestead madeonirc rulebylaw newsyslog webserver jumpstart construct providers reinstall fw_update software protocol ifstated sensorsd security diskless autoconf ifconfig webpages tcpbench softraid overview changing database tlsmulti religion operator neighbor commands syspatch fwupdate howtoask rulesets firmware downtime emulator training terminal firewall sortable pfstable udpflood rstflood ackflood wireless resolver packages generate securely sysmerge netmasks ipv6rdns ipv4rdns services zonefile rotation binaries balances mountnfs phishing insecure resource archives multiple symbolic stopping addusers freedom openbsd control getting pkg_add privacy inboxed servers openssl reading signify records updated channel perl101 sshkeys prevent sending restore aliases version virtual machine etherip further openssh reverse logging mrouted routing netizen syslogd hosting proxies sendbug exports acquire route6d account newdisk ramdisk 6in4vmm domains connect setting clients unbound maildir mailing emulate caching backups storage netstat closing bouncer resolvd slowcgi dealing swapctl hostapd sockets website liberty editing tcpdump crontab history default execute classes chroots monitor packets signals defense against attacks welcome display message subject request panics growfs lesson kernel civics rights cvsweb reward netcat extend buffer recite pkgadd create mirror groups checks identd status report renice gotweb unveil editor mountd verify limits telnet choose pledge setuid daemon slaacd ircnow quotas router bridge inside keygen serial border static repair dvmrpd remote access change united bootup become lookup tunnel pseudo device unwind sysctl behind points routes dnssec atactl accton relayd basics vether defend sample urndis pfsync authpf origin vhosts folder custom letter speech usage agent rcctl topic vxlan abuse pflow offer pppoe trunk shell avoid dmarc learn leaks books vmctl guide ldapd snmpd bsdrd spamd after ospfd binat npppd pflog nat64 ipsec tcpip dhcpd tftpd union pfctl newfs fdisk parts fuser dmesg audit title clone width space error honor setup based about press using links image email write types ethic apply block paths show with ddos carp unix week ssdp iked fqdn kill mgre team vipw vpns vlan bgpd ripd code dkim egre aggr sftp mpip what eoip fork sshd sppp your tpmr doas acme cert 4in6 from duty save hard fsck fast ntpd roff text bill good mode nfsd into tree keep tape veb ndp 100 mfs vps cpu dig usb ksh awk mpe mpw oom nsd dmz san rdr ffs bpe fix git wg
Roundcube.Install:1731468864: : mysql_secure_installation exactly24bytesrandomstr upload_max_filesize output_compression includesubdomains mysql_install_db php_admin_value session_storage utf8_general_ci syslog_facility gc_probability gc_maxlifetime display_errors php_admin_flag configuration alternatively roundcubemail post_max_size memory_limit requirements instructions default_host certificate imagemagick smtp_server efficiently remote_addr recommended redis_hosts remote_port immediately performance installing commenting privileges components connection statements identified accessible extensions log_logins log_driver mime_types javascript auto_start compatible gc_divisor log_errors sameorigin sysupgrade protection dedicated installer directory following newsyslog localhost configure necessary upgrading openfiles something forbidden originals variables parameter offending webserver character available forwarded blacklist questions nastycode php82_fpm pdo_mysql transport installed blocklist resolving packagist databases changelog syslog_id composer php_flag settings existing required although commands whenever optional protocol security log_mail activate packages combined response generate browsers properly nofollow supports 31536000 splinter requires password licensed services together complete location chrooted function versions specific complain solution probably bsdhowto consider actually pkg_info mapping mariadb keypair certain example urandom request don’t running des_key headers content initial quality reasons presume private contain webmail already fastcgi options entries nosniff noindex db_dsnw restart message deliver collate without assumes encrypt traffic between daemons missing imagick pkg_add openbsd usually suhosin enabled openssl disable frankly plugins depends writing present logging prepare prevent written filling servers caching created suggest similar website replace easiest capable beneath working egress readme sample stored trying client listen should public string across making author strict relayd robots finish please allows rcube6 rcube4 choose adding socket remove system behind obtain within rotate values update mysqld pecl82 easily module folder placed anyway second itself always append answer really latest return match about would httpd lines click table found mkdir share likes using rcctl after setup might users while frame print order cases knows parts cause these array could write happy https style since first check there cache above still boost basic comes bunch under least i’m front gives 40101 grant 21600 tells group below proxy which usage offer copy need name 0711 imap must sure make will that want your doas last over quit temp dist logs only drop have json once done this path curl intl ones both misc send zlib 6379 from also then what more into true 2048 busy 1024 mode link urls ipv6 0242 does easy html very c000 ipv4 uses many 2001 sets etc www not but can xss 500 64m usr 444 tag got has org db8 pem 127 tls 192 cnf 403 lo0 ips two gpl due dev see may sf ln cd gd cp md 66 6m 5m
Tls.Intro:1731467279: Acme-client.Configure Openhttpd.Tls Ngircd.Ssl : certificates introduction connections authorities letsencrypt environment information encrypting management encryption recognize configure openhttpd automatic transport requested browsers accessed obtained clicking hostname security products overview zerossl address buypass started padlock website sockets servers enables measure openbsd getting client ngircd secure modern https works using title price layer acme once icon such used that your from been some free tls the has aka can org bar are www cas com and how by is
Acme-client.Configure-Draft:1731466737: Openhttpd.Configure Dns.Overview Host.Usage Netcat.Http Crontab.Edit Nsd.Troubleshoot Telnet.Http Openssl.Http : uwhzmqhx6nepcv25levodmaeymb1gutfvtyktvzkjgs 03f7fd846802cb0689c2bbd7b6f5e89eb66b troubleshooting configurations automatically misconfigured certificates letsencrypt environment 11133258838 directories authorities configuring alternative blacklisted functioning simpletable permissions information requesting recognized beneficial encryption 8112730231 appearance automation management forgetting commenting censorship openhttpd listening beginning challenge important directory 113861127 incorrect following authority recommend directive encounter generated dochngreq something replacing currently dangerous community otherwise transport possible rejected solution location provided browsers examples template purposes security official provider tutorial finished provides practice automate remember although complain finalize majority consider hostname response computer overview sortable clicking products requests obtained nxdomain properly accessed username training contains includes openbsd testing address contact started staging forward invalid padlock whereas records buypass similar domains running someday account zerossl another special message created article servers privkey private openssl nothing replace warning putting already crontab failure trusted keeping measure enables defined website success unknown subject default sockets defines exactly several analyze meaning missing process cronjob renewed working command secure border client blocks daemon mailto inside netcat folder public random either causes having should number chance higher delete signed safely telnet common errors before remove exists change double likely issues cannot modern please status limits lastly depend single reason unable expire result strict bottom output again drwxr found names avoid which after https tells needs first usage token might check tests using these authz below point width under match there certs chain class index wheel fails while added speak draft email title layer short would test4 hours every guide 1893 25c8 acme 1946 doas make this 2800 note line back your ipv6 have _ui3 will both 2606 must with been that less ipv4 they file fake such upon want 4797 3272 root each edit once time stop days does docs most real then copy many says else also from used only what icon same next more html full free skip goes well www var crt see don 512 oct was aka dns v02 api nsd pem log tls 100 are won url has two one cas fix 184 216 248 220 bak vps set 443 bar ips rsa but 172 may san too feb 180 few by 07 v3 34 65 cp 90 mv 01
Openbsd.Php:1731466617: Acme-client.Configure Openhttpd.TLS Relayd.Acceleration : troubleshooting configuration acceleration installation information simpletable everything requesting different extension php83_fpm challenge upgrading following openhttpd correctly depending configure sortable location document versions fastcgi example browser located phpinfo purpose php_fpm pkg_add replace chroots default openbsd htdocs placed border pmwiki access client relayd minute folder errors guides server within should enable listen create update screen domain actual socket visit files tells index block where title notes start lines known strip rcctl class certs space check will make sure that your acme else left test spam logs real into path less want full then have ends doas says this port well need web www var com run and tls got etc are ssl see set any new use of be 11 80 10 by 2 7
Netcat.Http:1731466505: Openhttpd.Configure Tls.Intro : misconfiguration automatically restrictions permissions connection networking configure triggered sometimes indicates responses succeeded openhttpd nhostname scripting location possible normally redirect document modified internal valuable properly diagnose security improper language further content example browser openbsd request problem correct errors cannot length double server served netcat tells hints found occur moved using https knife intro swiss which index title check there print close being alive means this text html type such uses with date 2024 file logs page path case your want keep that been will help port army tool last see has and gmt nov web 200 wed www 500 var com get man org tls for may due few run cgi 518 set 404 302 new 443 tue 486 feb 494 by nc 14 01 23 of 13 28 59 06 ok 12 15 53 19 22 80 41 21
Telnet.Http:1731463294: : connection background chalkboard afterwards webserver response hostname modified requests location redirect foreign doctype address charset prefers version example content openbsd similar webpage forward length should family telnet border bottom dashed closed bad7ff eeeff1 1e1f21 scheme index title found https httpd style hello world below shown using press comic color media serif enter twice white alive point black 2021 body html date head font meta sans dark neue text port last from this keep your does want must 2024 may the one 200 key 1px 302 get tue css nov 443 feb utf gmt 486 not 80 14 23 01 33 19 h1 28 06 15 ms 12 hr ok by
-Openhttpd.Tls:1731462595: Tls.Intro Openhttpd.Configure Acme-client.Configure Rcctl.Usage Openssl.Http Openhttpd.Website Crontab.Edit Pf.Guide : tiltedwindmillpress troubleshooting automatically configuration renegotiation successfully certificate request_uri compression configuring connections information description automation production configured encouraged references negotiated 1614233943 reloading openhttpd uncomment signature otherwise forbidden supported commented challenge expansion necessary directory beginning http_host handshake indicates establish explained connected requested listening plaintext security location contains examples s_client previous automate template normally hostname rulesets firewall protocol properly 00000003 downtime incoming blocking renewal replace website because session openssl cronjob expires timeout correct crontab assumes private specify process browser testing running digital however encrypt openbsd consult padlock putting certain mastery already written subject listing renewed reasons seconds address working helpful return verify public server issuer should actual sha384 aes256 result cipher secure x25519 folder highly unable relayd bottom domain longer ensure attach enable random allows strip known first trust needs pages names rcctl https avoid guide above which chain certs start depth using pfctl intro usage shows bytes check valid quick write title visit index again after tlsv1 users basic tells lines error sslv3 about sleep days look your also pass then edit such view mean have more acme doas root code this were 4096 wait will aead does sent ecdh each once 3730 into 7200 alpn none bits with want well here used stop good that fine idea must note from best many docs been key yet etc did bar may are 443 403 crt png see let org can www tcp log var 300 302 end but 253 has 367 gcm say dst ctx ips cn 80 r3 x3 of 90
Openhttpd.Tls-Draft:1731462541: Tls.Intro Openhttpd.Configure Acme-client.Configure Rcctl.Usage Openssl.Http Openhttpd.Website Crontab.Edit Pf.Guide : tiltedwindmillpress troubleshooting configuration renegotiation automatically successfully configuring certificate description connections compression information request_uri production configured 1614233943 references automation negotiated encouraged openhttpd necessary explained challenge commented handshake http_host forbidden directory reloading otherwise connected supported indicates expansion signature beginning listening plaintext uncomment requested establish security template automate protocol location rulesets contains s_client examples plumbing previous normally hostname downtime blocking incoming 00000003 firewall properly private website timeout encrypt openssl correct subject digital session replace written because browser seconds openbsd crontab certain specify cronjob running already renewed process consult putting reasons assumes listing however working address padlock helpful mastery renewal testing expires public should folder verify actual server return result issuer bottom secure attach highly relayd longer random unable ensure allows enable domain cipher aes256 sha384 x25519 needs names check avoid sleep rcctl depth start above guide quick https trust pfctl intro chain usage first users visit tlsv1 using error which about certs after sslv3 write bytes valid title draft strip known again lines tells pages index basic shows acme note root with this bits aead also will once your each 3730 must many such days well that used mean have from more view then doas ecdh edit sent here 7200 best pass into does stop idea good none alpn fine html want wait code were look docs 4096 been gcm 302 etc ctx 443 can may see key 403 org 300 tcp are let png bar log var www crt dst yet say but has ips did end 253 367 r3 80 cn x3 of 90
-Almanack.DumpBackupWithSCP:1731437407: : backup_destination dumpbackupwithscp localbackup frustration uploading nastycode patiently directory extension deleteing partition password requires security puttygen solution creating hostname location sysadmin splinter starting almanack directoy complete channel command private partnaz openssh current working openbsd curremt reading support storage without concern remote script copies custom author weekly mailto sbin19 server please folder public screen backed shell files x11r6 mkdir needs crime thing least going title store using posts which above begin setup hours paste from home date note doas root echo copy pair your when size will bkup calm keep this take keys like ofen join made path wish bash tech unix free that into text save vps can run dmp the var use its for usr src get tmp obj irc cd by df rm 0
Openhttpd.Configure:1731392734: Acme-client.Configure Chroot.Intro Telnet.Http Pf.Intro Pf.Guide Openhttpd.Tls : tiltedwindmillpress troubleshooting configuration documentation verification cryptography successfully permissions interesting information unencrypted certificate request_uri conjunction connection references proceeding components separation requesting commented configure learnbchs challenge openhttpd directive forwarded suggested documents listening processes http_host establish according fullchain requested directory developed privilege readable response examples simplest firewall connects sections requests listener hostname computer location stripped actually critical addition modified forwards contains responds validity protocol checking overview blocking starting normally private openbsd plugins foreign chroots content replace virtual working testing website browser default explain simpler perhaps command webpage servers similar besides product running mastery helpful address follows finally observe confirm instead traffic changed ruleset serves htdocs editor create adding phrase telnet strict edited second begins allows filter client packet relayd enable ensure secure strong delete double unless should except length longer errors closed return unable obtain lesson weight notice daemon search domain before served cannot lines basic would needs pages other guide intro shown above using index rcctl debug there those https chmod chown about first hello world phone might point below alive after title known certs until these leave since tells stack clean light small file text html date with doas 2024 last well port type acme more that uses note used keep load copy home auto this your will stop some into were mode grep have next must want make find look path pros code fast easy good also user book else many ssl pem see etc tls key org tue nov gmt pub www var are may fix 302 443 has but new 200 ips try get two url by 80 pc 19 14 12 06 33 15 of ax cp 7
Top.RecentChanges:1731389753: : recentchanges usage 12t01 2024 jrmu top 53z 11 by
Chroot.Intro:1731385816: Openhttpd.Configure Nsd.Configure Unbound.Configure Ngircd.Install Znc.Chroot Openhttpd.Perl Pledge.Intro Unveil.Intro : 000002282f00d000 0000022622dc8000 0000022622dcd000 000002285bdc7000 000002285c133000 0000022914fb2000 000002282f101000 00000228c7de6000 00000228c7e16000 applications dependencies compromised permissions limitations simpletable libprogram filesystem dependency developed openhttpd sometimes configure directory imaginary drawbacks necessary replicate processes enhanced chrooted provides security syscalls services sortable multiple requires creating absolute normally changing apparent openbsd libexec whereis install unbound suppose because however tighten network attempt default daemons unveil pledge access within grpref moment thinks target ngircd create binary change refers inside become modify update cannot border until intro start these using there their every https mkdir users still title party third width class first stuck find each home path doas only uses gets type libc that this need copy want also must many have make when what then libm rlib name runs perl next jail them usr may you var znc own www nsd its ldd for has org and now new our of cp by
SiteAdmin.AuthUser:1729372342: PmWiki.AuthUser PmWiki.LocalCustomizations PmWiki.Passwords PmWiki.SecurityVariables : kzxa069zaurvme2wtkwdzobecad6wq5dc4qaipfumc46kzjhzxcew ulu1o3dw6ai7kpjei7g8qestxykcd2w3fzyowe5hgq4whuqc7n0ai qjtdeoj70cst8ml4gojowul8rflfeb0ljdhqhhrupftuodfudgmh2 szg7d334j0wxrt6z10wdfousucloey1jwsw0ivkg6gyvgocjinbim 66jkjxosix5cosun3pdyqoecdfk8qlgxyft8z9ygxcngwagxd0meq 1pnquver1cxhbyv5lov9lelgygjh6wynimfb3qzhaojtx5xbymelq wag2z1yjfasuaba4mxmbsou2ko3ustjmsl4nd8idl5spozzfhmfjy xasgfyoxhyutadgrshosxuze1eulwgr8asiasxv55y9v9b9swmtti pzez59xbud1rgqtfz4kjketart6ktxi3ufshb1prgrlipsrlbu0yc aktvcerbb0sdxyotxcgtqox7nnawvtw5mp3fzrfehnjjchrxgpmuu ie9xoswkeovtpinzj4ly7empvmpwzc99ia8jbfhfsorxvynewmame rgbffhuylfod5gdwiakagosqrfcumusbg0get4yo34cesai3bholm uv7tb320n8nw4j8hbwmxauulithnvntazdul03i0eff6qzjboiy4e ihauv3tzcsgfn1lwqevtkod52yrw2jtyldkkuvgpb9xaabw4zbfnu eg0gstvpzzkfdqvcwjhoukjygjheqg5jwipsypgxzfvryuybdyns p0f7um4cefnoi5bc22ydrea70mwytcuucc1tpti1gvyjurprgyhl nvr0aml4vitwsaiwbxomxe5bcpoemizd8ylzgb4z8xmb2vbpbxsx qmudpox7rienwmktganomgigewmryogzrbba3hzpftednpygfum 6ebwthcykp9i58fb2o6e2vjqpt518kagfktykw6kjsynfvpj8g2 hvhl15tubmv02b5mwgufti7im13ewpicurr2itigd9oszvuma2 sqduis8wadu8znym4jkutnibju3ubscdmyqxhsi6lrzjb0d3 lvwv9ovfqynfsrp4eumyu2lj74qi9c7id4chuudje7uxd7u r9bi5akhnf95kewd8tgz1uxewhhxxcyxadzvpgq1juwtaho ss8tuxkvkbof96voledbuucyi9ttcike0yybrzo4tyrae32 qrfr1hwxytpatdc2yvfiveabomhk9w3m4trsy1jhi7ekk m7cpbk5jdy57jo7ks9brzvniuyrgelixeef7rtpwogvxm zgbs867t7iewra9ii4ugpeyujpig74fbgiks0bncopydy g9w8qg4ue8v43o5arh9rduwc7oerlrtfjpproodhsk7c2 itpy2rbjtkrho3klnbtpprzx8gfv8deutmy31g4rsl2u 1g59vanvkriwopnzpwnzp4ippsh4p9njje7hcj5oowyy zmxwtgvqfhegupguo2pvgpzimh3xds0dujoj7suipo0q atlu0ewhjdaiiechhgjmhawd9guli7jldkmfr4wohq8 c01gpw8lwjdosppykaj4c4i87yapdztvkazrzaecxnk umwmoir2cr7niiop2qeaezph2nofkimfrx5f9uhpbm vfc1fev5rchhweu8zhmvaaa5dh8vh6oylw3xfeiaif yk9cfpbfosetivlifjlrzzykg6upyqmoxepksideim xlah3mevoenpgpaoe1mkj22e2mmaahvieaeyglatu qo2rq1ioupw7soob8pi1x5gaxojgddwy4f0flsuk ioz7lg2n4fqy56yfunk11ojrryocf8ufpvljxj14 afs8a0w9zccpmytwe4pl0uifydvk5fe9g9roqggb uy0qfjunaqhboa5f7tjz0ecj5dng0ugtmv9ndlfw hkca3foog9jjrr0i2ijhfqw0wui5bpoqlnwnrgk da9wcjtoa0vw36x9jmvhdedcnon8266cmlzcevy 6qnynlbctuprbw4n3ywjgogbhmhpgdctw1umlc uxv3bpvhyrdshbjqg96jhu0vq6jff4ixyveqm4 ethxrqerfaa354dguosuujotxevxj5g1aa71zc psiwryupbin7gljgcvnzba4hrapwisefyhmuni le5wzugfbgd7eoj34bkwxbpy3jcmx1xxr83fy obhuysubnkyj8jvsv4g5u7ozxlt6j143wexcu zu7uqwpwimccwio0lw0zce8l1xqapekqj5zs 8qdfodwtozjtuxzkh91hw3ukbb7igotee78i nnmrvuvdgbdtsahmsaepdovxrc814hun9alh z98eph7otcsgsxnknjqy2dae3lwp5n8skas l7vubxwc5llgnc83mofl3t1fic7ct4a1dkc ej5u185vundv3ggm2sy1tlmc1rxcylkfdfm wstnetyibyndhha4tvvotzuep3qo4t1aju yv2ne76jgp6ptzu8sinytoaai6zx9b4zhw mllh4vqqhgo8thxisycj3o9gxmqhchlsc1 mxprwnztv15akg39ugen3e6bwdvils1ny wuqziqxgofprem0ltjpu4jtkqhcrqsmke qrco9ginmv2ejeldfbe31oz2yclac1ik civjwtmqvmsoqtgc1bxugoao1o3kqgov u0yfpdpmxysiowz53lupsbfx6gwur6ay 8ayeqbf2rydjavxaamqaau32fkpvpurg rywyoyngb8a92316xg2hrrbxjmu9dnym ycsfmmxoj1ersj4ie00egabz4tdf5cvj vnf29ixrgyonlyjlwltiaq0hvlfmktc jeukvrvwnmnfx3qgqnn5sabpn45jgna hmezurgyzvkxagxg0w813ve62fzyxbg 3yqmn4ja0o7nxkunz9iebct3xqagt2a zhb46wocsop6occy4eexy7b2nsbfhji cslnbsoosrjy2gatllybzznvqk2vkaq tv62dbotx3hqstfucuc3mrnl2xtjfai mr35li6zvu5cbo7z7jacruze9jvklpq k8f2oxfp4ipbjllclnakeh04qka4bca orbrzwetldeoygfpq1ilnmrnc1uje2q drhfmw6raqrxzf3zdvpvntakjorgphq 3oxtsaj8x80dyigvouihe2zjdwfkn22 v0z18o4mwjtqz5jf4wv2doufp1mdubw bzsoxmp7owshe24o7fiiqvxxqxktul6 84zy6cqydcxzs60avrhndi1c9owhnzq pdumkmvz9zctvlxkdcpzdwvzy8xg2cm jsvcw6ejfypdaq5ofim7nohbcrvyrvg sbfyefrwctlrx1quqrgafusyowyyjzw ec2hgiszxo1q5xdyyfqozqubk4fhs2 eklex8ktxrvgzzktc5kpkezpzafsbh pcztnczypyvyxslw0eha1ow1vgzhgh agrmydmtrtv5j9ugzohrwduprerl7c jp8or2zol3npv3vqgeu8aemdsvkadh ey00b8w6olostkiyuwestefklwbh1j gronpdkh2nsoqx4twmefwenfid9b6n masjz1qzlxjxf0n65huznoetifbrz pdczw1yt7vm2l9k7n3vhjocykxwae qaslgkztkc2cncvblpoz2dwcosy5s 0dsq4eby2pu72cd8brkmkughclpyl uqgdbqdoluvdev0w5fthbi5kakvxb z1hgrq8ikpue7k9cmk9sl5xpwfl8c 9hbw193lb03gcnggdkslf1ppclqc 7p6mjnlbj5nebyazfgramefu9ee2 fvx6enlijp803jwidmfjdo5th4xk hkznqgwolbzgxympawplkhiktiv6 binnpzxqolydmhezezeihewrlhvg nkxwxnngbzm9fs1enbrfuuawwlq xgp2dx1gezdrnxawf3xlxonb9ps 1uajaodrgaoxlyabfuectxulwpf iax4dfaxzp9uozjsahowah7dtbi wemurhl0onbhjp1rn5srpxv4q00 7doxdoqywmaounqwli0yieosgq we2yrcw5jtxroskwb9dizesl4r a0nce4yaeelti78la6kz5vxuc2 tfeltu2k9h08hwq3sci6wd6jse biq3ofpdk7snwc11fh04efjhyf 71jltjbjajnswv5bgax331mgu ehk94ub5zvoggkpovufykrnbo vx86rtea1slyyruevsuore4h6 yfj0ulciacmdioryqqejwla4k natdp7x0rwn49o0j856lz3fy 0jozbg6xmfccs2cbiykufiw3 fomakvhwn8kn03sxgksiqryq a7zaamj7kvwdn9yanfqv20ag y1ooa0x4ddcekgsjpgkpjpmo i0owuedgkabq6gwuoq5v5e2o s3mmcyr8lzbxpckon7v0vo79 njqmeqej1mvzbhbqzb34guo cjli0qjweqvtrrahtiafsoq gwcs6rlxghahs5dukoe7mmg lrwrdezrbvvnshf4v9qk7ug lboktrzby6cpcbxvx9i4qni 5msdan8yv21snlpngzyp3ul xjhd7ohzh7ag08whhcsgcdu hhddyu4r8u08etxbargkbi 6ko5ph4gyoanqyihtctgma wlt6pigtfmyqu55jqg8pvm kup1dogmojd45nqsv5uqud fiwjo4qobuwjgpvp94qqy0 peht2wtpmlkegdedywddwh 9omzcn6xhzhturuqevwhuu 2faeti2yhn3wdswmj7umc6 mz7xzjzwqbgcb5fr2jtjte h1ebwcfkqkscku7srgylfs 3jaodve4mftaqjnrbeqmbr qybnuzyu6upsrx6zy9lsvs dpwgproatmm8vfwsa9ugvw sj593ercmttjm3fk26hcv1 enjlijpqrqacxicen6u4gy yzx2efmjb2tstlbpzjvbyi gqoob7em1lz6ohyabxhv5u omqamx8c88oi6aps9rjas kfgqaqdokuvt59y6dsxpn socjm4cmoilvjivbc8khe qvhtmtmyxpj0wcsvvvitz ucvbrt0gpzcqdknvfmudm ulkjdqk1izobvkm2j7cz2 onkf9n7zptixlmegxjjog koemylipc9lfxwmzl7z3y pung6ln1yvvlbhupjybif mkhixzcyrdshlu0fm6ch3 hmdvlziy2johd3nnxbbcd pltltcxdjnf2vryi43vyh 4a3ubwzs3sir8r5q1fxp6 whfqq0jm3vgux5hdbxnt0 g9asiddmu0hhoinsarerc ouorr5eqof2paopebvaw1 neqvlwxdft1lds30oqo28 fxiqoyvxkfhk7yfqt3ky5 xudd8uwoxxsce51f89nn4 dxdjdqo5m7qxfdglo2qpc yydkuesj23fyvvvwsj0wd xqnpth6al1kizgex3zb5r 8qrrymyolfpgjtdkahs5m f2cwt7rydsvrf0rpok1g e1u8nykpmimoyfo0fz7h 6ole59b9mytmzfxfmjv2 v2cgzesi6wtmrcaucc0a pmumzjc5phkk0rrkni54 7ptsttfhgfy5gljy7pkf inef0edyym7owq38us8b 49eddxffecgs4sp67juk f4zua5eqrchm27oovgkb qu3bqdxc6lcobpmp3ewm ay1xpkv5lflmqxlf3cgu localcustomizations aqoxbsz6tkaq6zbo1tm ypywz3uernyqwc0oxs4 sametdg8clzbquz8p76 hmxvx33qkei6j7qd20w ztyudzxyfmctdryepu iag0cwxsruwvm00t7a 9coq2zkunfzjunx8cb otx5vcipesddc56y8s wnxd84phwsssrcdxn6 5itiwlrplpj6ftetsx mm5fkbh3wiibzgojtu nwv81niquopiisnaae ceo7yksgn9uwsxwj8l fp7oiarmjfgalbm3is st8mmnxusgzx3akxu clnznlel9swsn4xyd oc9jb0oetn5rm3t3h zrenqeftxooceaawe wmoubc5jmwjtljjkk kjr6tvshk0hhwhdv3 yz7sobvnxy5dtt30h ton0wxx68ocqgdgnc securityvariables eqlfgml2sfuopuh7 8haadaxreogkfd9c pl8ht02qfvzkgxxg nrfg9q0zawtcbjnw defaultpasswords 9xrlszfqwaplkpmm zkmaoqobpo9seov4 kynjefuacurq4esg h7k4iws7bu7ly41d nbgzmpqx1gfadg3e 5knbzgrgmiblmak5 bgl5db0pbw0xixwu w20ji3bo8bxz5drw l9droffo7vzcztyx 7mlxgsurkmnaelj6 b2sqibohgzgupob jp4auon7wjygzdg 1n3jwaxihhglefo category_mirror rzlneutjupvqxga lmxahw9irmgumhy beiclitwodvkuyg nolinkwikiwords wqa6rttgbbmviem raghavgururajan sebovrbswkugraj cherrychapstick wwsem8im4qe4kgb vy9hpakkevcrs2f ailkpigbkmoflkm 3iokkmeyzcziymy uldshqanxmyo0zo m3vvbxqcimslxdp fvvzrhqxdanhlqf pogz4btt8ja8fzu blu0weexcvofpgf sveqgihrgb9i24r mbkc8cuskhuqbda nstbbogpojkrnel jdekoeg7ueannx b3egsdgj3nijio authorisations smiwzcq5sptw2m sn7ivhcolzdmok enableauthuser xuq06t1tpt1fds eklzrcmvedpjck authorizations vaseocpdiuzqck htdeaxyyyo8hc9 vmibxshkt3dnys legzuuq15zxpxe huzkhlwnvmvzpa wxur7gwbhxtxru ywcuec1yjsztc configuration 5ysifk2tlkpwq bejelentkezni nxr4bhwdufkrj ancientwisdom phsartzftbvdc honest_monkey documentation f9fgt0srt04be lin1gjxbbogbs openbsdtai123 wb2sfo5grmljb hiqijvgibsp1j b9jkkv3bmdejx frleiwxjzhzsg kltphcaeztoj 9x93nprdutyo searchsocial include_once dragonmaster gv0hgxcnq7hn aamjpfeqogxc ins9xxwb9n4h lzi4vmboxpjq dr9um9nkequ5 rottenbuytes rqn0brfrakl9 pjuebgoxw5ge l2aw44ypveld r7d4u6dkw4qo pl6mpr4oevmb z0yvlf3tonqh instructions otlilpysrm4 planetofnix xtb0zdegrf1 debiankaios 1yx2yfpb3pf f4eesyrsb1n ydst9exlfyg gdr3mpykmfl vdjkr2tambh mdlg7lxw0ke 5srfraco53s oddprotocol zny2cvztvrg bvegxfnzpuv gp8sc432fsy thunderirc locustlord filesystem qge5dqqnfw miniontoby 7oyx8h15yl pystardust z035hjc024 irk6sag7aw generating hydragyrum ircforever inspirenet summersonw wonderland pyritepyro posterdati cqbdq791ds jsljbw0pyr 0x6vt8zflt extensions connection 3mzsz3hyjz outge5fng beginning evfglv95k fkkvb0omc lecturify sulieztya 1t5wabidh starewind w7cptvctw lightblue bugzbunny hqnhbzrgg siteadmin 8cndcvokq bsdforall 9refsvlyg generated 5vthrlqy0 fee1d3skl obtaining nastycode ztrdmpvcu authorize fqcz1wfmv specified astroanax gvlyotbvn noxturnix belonging something i1dbsojqs shelltalk neonshell encrypted noisytoot craziness xh4gyeydm v3zq2jnu accounts external giziydno wsp2r80i jrmutest wwgi6nv9 snowcode tiramisu 9h35c3hr specific redrum88 unsorted comptech username splinter guardian fallback examples aegilops htpasswd gezwnjqq monsieur b13o3k2j q4m0jffj udtwqlny gtlsgamr theguest tlwqzfu7 0gcdan1a suzerain initfree mandarax 2kllevcx obv5wmjw th8u98nq tmiebubk bountyht inactive akoizumi teamless overflow identity writers subline quiliro mistera editors ircuser asdflkj thelion xxmqpw3 private members padding message gandalf 3mvnu1n zshnf2g xv30yz1 ik3apry 4ztyavj zouheir builder spookan baytuch bangcat ebhzbn8 kkzzumm specify leading enabled donjuan nickman appears bgcolor freeirc tomglok bvwcivn waitman limutoo geekzer wh2d8m6 fossdev cloud9p ojtrijm shokara pufferf scripts t9iowtc 05fmm2l nixdork present summary naglfar sources eodrc6x groups pmwiki hhgmlh fvrbe6 bwfdzd sylv1a admins lutzke tcache ircnow maddie result trench limits action entrex caesar secure jacobk erhard moocow almajd manner shared should devune josiah rsxxte places arthur bcrypt forero yiming yahsie lelfey kilroy zxtv1e monaco koragg anasko ui0uos margin lohang quofan yalbcu pirata menche logged bogani people kiliro shrini define 6knc4w sergio either al1r4d dennis zleap tqosd 55vvs index izzyb 7hjez login kolev right https users alice pkxzw carol scara lepht sxngg jykzl rgvua zlpwd yonle gj1ae rrrry ugxga other pages c8pzu allen gpzok 4h5jw doesn hed0x pxkbu maxxe nicoz pyr3x ifend moshe d6cu6 w16wa saved st13g lbtwy sarah based robyn farmd uo1kp notes block error glono barth black rpblc this fizi taa2 attr siva hawk have 20he 41ic f2zo ldap your from tool rahl njpc them left path icri jan6 here auto like form fear zfgw used with fgbo skar sign hash jgtk that tony look will kont kqpp dima when mean ayam qsg3 geze xfnw dave then matt punk pbug db4w zzgr bob zen 5em see mkf php g1n any 1em tby can pkn uid jim rre m16 oiw ret pra gcz jlj ixg 1xa old 2rp gry usr zao 4y2 w3i 09 07
Unbound.Configure:1728676238: : queryselectorall previoushostname troubleshooting flush_negative configuration intercepting nameservers blacklisted validation blacklists originates everything aggressive forwarding childnodes forwarders javascript localhost configure addresses regularly interface something commented suggested listening innertext innerhtml specified providing generated available otherwise signature adblocker checkconf outgoing building computer internal priority spoofing resolver randomly multiple override identity suitable dhclient download prevents produces provided document indicate navigate unbound section quickly openbsd taboola instead opennic include command running console srvlist network browser getting another example service restart foreach invalid contain curated failure working causing however machine missing because queries answers earlier support control default caching counter locally through version change nobody ignore access should 604800 anchor static refuse secure google please lookup dnssec domain inside except enable option marked remote blocks dnskey sample public giving master faster always attach update button window bottom return users allow error https trust rrset ipv4s while rcctl chain known which lines entry there 26496 these 45846 hosts clear pages click frame again ipsec dhcpd fails ipv6s 10800 stale files found setup zones store order ifend cache about place false small first comes title tells your will also want this they doas used both root send 2001 auto test that make sure like when age0 from edit info bind aren hide data 1200 3600 play view role with such read runs aaaa uses logs kept well more oisd need have give does nsec base tail sock find then part trc 112 172 183 101 193 111 115 dig 141 208 185 got can ip6 175 org etc old nsd may 163 100 198 var 142 217 see 127 off 254 div db8 192 any vps 169 top web yes 118 txt 212 168 237 227 165 132 119 154 144 soa 162 236 103 170 248 251 171 244 117 53 40 43 by 34 29 31 99 87 67 89 35 39 86
Tor.Hidden:1728676238: : example_service_dir hiddenserviceport hiddenservicedir 20230720155711 authorization automatically configuration installation permissions configuring associated discovered satisfied sometimes retrieve creating hostname services optional contains pkg_add private details virtual article correct section somehow archive require similar starts pastly useful remain verify public target enable editor create things chown chmod onion there cases print least rcctl group torrc owned posts https begin 2019 blog with more boot must path that each note they even also pair used find keys this _tor sure user make most file will same you ssh and has for see etc can 127 net web org var way cat out one may 700 any v3 by
-Kill.Usage:1728676238: : usage kill
Lecturify.Hardware:1728676238: : constellation st4000nm0023 143413344190 motherboard integrated controller supermicro management enterprise expansions backplane lecturify ethernet 1000base p2349624 hardware _trksid 560watt support onboard storage chassis seagate capable single system supply height l49292 drives server m46890 brand level rails nodes 815tq 563cb x9dri slots intel ports caddy power 500gb https ddr3 ln4f with bays work will case 3ghz core full 2630 quad xeon ipmi sata gold only ebay nics 64gb lff cpu hex bpn sas 4tb www pci any ecc itm com rev pws ram kit reg not 1gb cse for 1u v1 01 4x 2k 2x e5 16 1h x8 1x v2 7
Cvs.Anoncvs:1728676238: Cvs.Repo Cvs.Intro Cvs.Cvsweb : allowagentforwarding permitemptypasswords allowtcpforwarding x11forwarding fingerprints repositories instructions transported information sshd_config recommended potentially unnecessary maintaining committers cvsyncuser maintainer anoncvssh openrsync protocols hushlogin directory permittty drwxrwxr securely username services imported makefile commands profile openbsd replace archive restart another changed publish crontab results cvsroot ircnowd certain working reading cronjob libexec syncing perhaps example because already assumes whereas useradd writing created export chroot system should source delete inside stable passwd synced readme bottom logged domain resolv cvsweb mirror botnow except person brogue needed access hosts below guide intro index touch wheel chmod leave mknod mkdir https users total acopm chown ifend first guest found while leaks value match group rcctl false daily looks jrmu from want your ttys with 512b this only path shar like line libz libc will edit zero test also doas code 1001 then html have 4111 sure jail that real null vipw wiki runs org see www set php oct lha apr may aug can usr are bin new was etc dev 444 666 tmp var pwd cat but has gid ftp yes 46 57 16 27 06 0k by 19 29 96 28 cd 26 db 48 04 42 17 ln 3
Cvs.Commit:1728676238: Cvs.Anoncvs Cvs.Cvsweb Cvs.Intro : automatically recommended directories permissions repository releasetag committers maintainer containing afterwards directory somewhere ownership committed transform vendortag shortcut checkout existing reponame imported original argument replaced specific redirect drwxrwxr granting explains groupadd properly ircnowd working cvsroot provide profile example anoncvs changes tracked usermod suppose located setting current cvsweb should source delete access folder module inside safely cannot author brogue result botnow create sample before actual rights export decide bottom mkdir files named works chown first write acopm since total shell wheel start chmod intro guide begin want will code your each need else this doas then with make that path them from have type just give jrmu omit when 512b also like init once note into time echo look does and lha oct one apr may aug new see fix any don put 06 0k 27 10 16 cd 29 57 17 04 42 11 46 26 48 19 rf by 28 3
DNS.Dnswl:1637664352: : listing title white https dnswl www org
MacTerminal.Connect:1637664352: Ircnow.SSHFingerprints : sshfingerprints macterminal connecting launchpad username macterm5 macterm4 password macterm3 macterm1 macterm2 replace matches attach verify ircnow server press enter title fruit click other type done your real with yes app org png and
Openbsd.Spf:1637664352: : redirect openbsd dns spf
-Ps.Usage:1637664352: : usage ps
Sshwifty.Connect:1637664352: : herokuapp sshwifty connect github https nirui com
SerFISH.Connect:1637664352: : serfish console connect https www com
Tls.CA:1637664352: : letsencrypt support zerossl buypass free that acme cas com tls
blob - e4c98506deb7fd16eff083f76e954fc660c24134
blob + 4a95b7c82033e7a73292be9d06f263017c0c8cdc
--- wiki.d/Acme-client.Configure
+++ wiki.d/Acme-client.Configure
ctime=1614076701
host=198.251.82.194
name=Acme-client.Configure
-rev=69
-targets=Tls.Intro,Openhttpd.Configure,Dns.Overview,Telnet.Http,Netcat.Http,Host.Usage,Dig.Usage,Tls.San,Crontab.Edit,Nsd.Troubleshoot,Openssl.Http
-text=(:title Configuring Acme-client:)%0a%0aTo provide [[tls/intro|TLS encryption]], you will need to provide a TLS%0acertificate for your server. Although it is possible to self-sign your%0acertificates, many end-user clients will reject these certificates as being%0ainvalid. For this reason, it's recommended that you get a certificate signed by%0aa trusted certificate authority (CA). In this guide, we'll use OpenBSD's%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] with Let's Encrypt.%0a%0a!! Before You Begin %0a%0aThis guide assumes you have already properly configured and started%0a[[openhttpd/configure|openhttpd]]. You will also need properly functioning%0a[[dns/overview|DNS records]] for your hostname.%0a%0aTo test if your web server is serving documents properly, use%0a[[telnet/http|telnet]] or [[netcat/http|netcat]]. To test DNS records, use%0a[[host/usage|host]] or [[dig/usage|dig]].%0a%0aNote: You must have a server block in%0a[[https://man.openbsd.org/httpd.conf.5|httpd.conf(5)]] listening on port 80.%0aDo not delete this block or else acme-client will not work.%0a%0a!! Configuration%0a%0aFirst, copy the%0a[[https://man.openbsd.org/acme-client.conf.5|acme-client.conf(5)]] template:%0a%0a[@%0a$ doas cp /etc/examples/acme-client.conf /etc/acme-client.conf%0a@]%0a%0aWe'll edit @@/etc/acme-client.conf@@ and analyze the meaning of each block:%0a%0a!!! Authority blocks%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a}%0a@]%0a%0aThis block defines the Certificate Authority%0a[[https://letsencrypt.org/|letsencrypt]]. It provides the API URL and the%0alocation of the account key.%0a%0a'''Note''': Let's Encrypt%0a[[https://letsencrypt.org/docs/rate-limits/|rate-limits]] the number of%0acertificate signing requests you can make. If you encounter an error and are%0aunable to request a TLS cert, please fix all errors before requesting again.%0aIf you request too many certs in a short time, your domain will get blacklisted%0afor a few hours or a few days. To avoid this delay, use the authority%0a@@letsencrypt-staging@@ first and make sure you succeed with that before using%0athe authority @@letsencrypt@@.%0a%0aAlthough we are using Let's Encrypt for this tutorial, it is important to%0arealize that having the majority of all Internet servers depend upon a single%0aprovider is dangerous. For this reason, it would be beneficial for our network%0ato someday run its own Certificate Authority. This can prevent censorship of%0adomains and other security issues.%0a%0a[@%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a}%0a@]%0a%0a@@letsencrypt-staging@@ is a staging server which you can use to practice%0arequesting fake certificates. The rate limits for the staging server are less%0astrict, so you should practice first with this CA.%0a%0aFor both of these blocks, we will want to add our contact email, so we add%0a@@contact "mailto:me@example.com"@@ inside both blocks. (Make sure to include @@mailto:@@):%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a@]%0a%0aNext, the default%0a[[https://man.openbsd.org/acme-client.conf.5|acme-client.conf(5)]] defines two%0amore authorities:%0a%0a[@%0aauthority buypass {%0a api url "https://api.buypass.com/acme/directory"%0a account key "/etc/acme/buypass-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority buypass-test {%0a api url "https://api.test4.buypass.no/acme/directory"%0a account key "/etc/acme/buypass-test-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a@]%0a%0aThese two blocks are the same as for @@letsencrypt@@, but with the alternative%0aprovider [[https://buypass.com/|buypass]]. You can use @@buypass@@ to improve%0aCA diversity, or if you have issues with @@letsencrypt@@, such as rate-limits.%0aMake sure to replace the contact email with your own email.%0a%0a!!! Domain Block%0a%0aNext, we define our domains which we will issue certificate signing requests%0afor:%0a%0a[@%0adomain example.com {%0a alternative names { secure.example.com }%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a sign with letsencrypt%0a}%0a@]%0a%0aFirst, replace every appearance of @@example.com@@ with your own domain.%0a%0aEach TLS cert is valid for only for a single '''common name''' and a set of%0a'''alternative names''' that are provided on the certificate. In the default example, the%0aTLS certificate has the common name @@example.com@@ and the alternative%0aname @@secure.example.com@@. You could change the alternative name to%0a@@www.example.com@@ and @@mail.example.com@@. In this guide, we will comment out this line, since%0awe do not want to complicate the example with [[tls/san|Subject Alternative Names]].%0a%0a'''Warning''': While a handful of alternative names are fine, using too many%0aalternative names can cause acme-client's certificate request to fail. We%0arecommend keeping the number of alternative names to under 5.%0a%0a'''Warning''': Having the @@alternative names@@ directive with nothing inside%0awill cause errors. The example below will cause errors:%0a%0a[@%0aalternative names { }%0a@]%0a%0aIf you don't need any alternative names, comment this line out by putting a #%0aat the beginning of the line, like so:%0a%0a[@%0a# alternative names { }%0a@]%0a%0a'''Note''': If you add an alternative name to the conf file, but the cert%0aalready exists, you must remove the old public cert first before requesting a%0anew one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will%0acomplain there is an unknown [[tls/san|Subject Alternative Name]].%0a%0aNext, the @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a%0a[@%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a@]%0a%0aThe public key goes inside the folder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a%0aThe line @@sign with letsencrypt@@ line tells Acme-client which Certificate Authority (which you defined in the Authority Blocks) to use.%0a%0aFor testing purposes, you may want to change it to @@letsencrypt-staging@@. You can also consider using @@buypass@@ or @@buypass-test@@.%0a%0a'''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority (such as @@sign with letsencrypt@@).%0a%0a!! Requesting Certificates%0a%0aAfter you have finished configuring the conf file, we can request certificates:%0a%0a[@%0a$ doas acme-client -Fv example.com%0a@]%0a%0aIf there are no errors, you should see something similar to the following output:%0a%0a[@%0a$ doas acme-client -Fv example.com%0aacme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key%0aacme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0aacme-client: https://acme-v02.api.letsencrypt.org/directory: directories%0aacme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0aacme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 0%0aacme-client: /var/www/acme/uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs: created%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A: challenge%0aacme-client: order.status 0%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0aacme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 2%0aacme-client: order.status 1%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/113861127/8112730231: certificate%0aacme-client: order.status 3%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/cert/03f7fd846802cb0689c2bbd7b6f5e89eb66b: certificate%0aacme-client: /etc/ssl/example.com.crt: created%0a@]%0a%0aThe last line says that the public certificate was generated. If you see that, it's a success!%0a%0aYou now have two certificates, the public key inside @@/etc/ssl/example.com.crt@@, and the private key inside @@/etc/ssl/private/example.com.key@@:%0a%0a[@%0a$ doas ls -l /etc/ssl/example.com.crt /etc/ssl/private/example.com.key%0a-r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/example.com.crt%0a-r-------- 1 root wheel 3272 Feb 25 02:10 /etc/ssl/private/example.com.key%0a@]%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a@]%0a%0aThis cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a%0a!! Troubleshooting%0a%0aIf acme-client fails, there are several possible causes:%0a%0a!!! Domain Not Listed%0a%0aIf you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a %0a[@%0aacme-client: /etc/ssl/example.com.crt: domain not listed: new.example.com%0a@]%0a%0aHere, @@new.example.com@@ was a new alternative name you added. The solution is to move your old public cert and private key to a new location (to back it up). Then, request the cert again.%0a%0a[@%0a$ doas mv /etc/ssl/example.com.crt /etc/ssl/example.com.crt.bak%0a$ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a@]%0a%0aThen request the cert again:%0a%0a[@%0a$ doas acme-client -Fv example.com%0a@]%0a%0a!!! Missing Domain Records%0a%0aIt's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a%0a[@%0a$ host example.com%0a@]%0a%0aYou should see one or two records like the following:%0a%0a[@%0aexample.com has address 93.184.216.34%0aexample.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a@]%0a%0aIf you have missing records, you will see this response:%0a%0a[@%0aHost example.com not found: 3(NXDOMAIN)%0a@]%0a%0aYou will either need to speak with your DNS provider or troubleshoot [[nsd/troubleshoot|nsd]]. If DNS records are missing or incorrect, fix these first.%0a%0aThe IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. If they do not match, you must fix this.%0a%0a'''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a%0aLastly, if your DNS record includes an IPv6 address, make sure your web server is listening on IPv6. If the DNS record contains an IPv4 address, make sure your web server is listening on IPv4.%0a%0a!!! OpenHTTPd Misconfigured%0a%0aIf [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a%0a(acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. )%0a%0aTo test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain) on another computer.%0a%0a[@%0a$ telnet example.com 80%0aGET /index.html HTTP/1.1%0aHost: example.com%0a@]%0a%0aIf you do not get the correct response, double check your [[openhttpd/configure|openhttpd configuration]].%0a%0a'''Note''': Although a web browser can also be used for testing, many web browsers automatically forward all port 80 requests to port 443. As a result, your web browser will only see what is listening on port 443, whereas the certificate authority tests port 80 only.%0a%0a!!! Incorrect File Permissions%0a%0aDouble check @@/var/www@@ and @@/var/www/acme@@ for correct file permissions:%0a%0a[@%0a$ ls -ld /var/www /var/www/acme%0adrwxr-xr-x 10 root daemon 512 Oct 5 07:47 /var/www%0adrwxr-xr-x 2 root daemon 512 Oct 5 07:47 /var/www/acme%0a@]%0a%0aSee Also:%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a|| [[openhttpd/configure|Configure OpenHTTPd]] || Configure HTTPd ||%0a|| [[telnet/http|Telnet HTTP]] || Use Telnet to Troubleshoot HTTP ||%0a|| [[openssl/http|OpenSSL HTTP]] || Use OpenSSL to Troubleshoot HTTPS ||%0a
-time=1731469322
+rev=75
+targets=Tls.Intro,Openhttpd.Configure,Dns.Overview,Telnet.Http,Netcat.Http,Host.Usage,Dig.Usage,Tls.San,Relayd.Acceleration,Crontab.Edit,Nsd.Troubleshoot,Openssl.Http
+text=(:title Configuring Acme-client:)%0a%0aTo provide [[tls/intro|TLS encryption]], you will need to provide a TLS%0acertificate for your server. Although it is possible to self-sign your%0acertificates, many end-user clients will reject these certificates as being%0ainvalid. For this reason, it's recommended that you get a certificate signed by%0aa trusted certificate authority (CA). In this guide, we'll use OpenBSD's%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] with Let's Encrypt.%0a%0a!! Before You Begin %0a%0aThis guide assumes you have already properly configured and started%0a[[openhttpd/configure|openhttpd]]. You will also need properly functioning%0a[[dns/overview|DNS records]] for your hostname.%0a%0aTo test if your web server is serving documents properly, use%0a[[telnet/http|telnet]] or [[netcat/http|netcat]]. To test DNS records, use%0a[[host/usage|host]] or [[dig/usage|dig]].%0a%0aNote: You must have a server block in%0a[[https://man.openbsd.org/httpd.conf.5|httpd.conf(5)]] listening on port 80.%0aDo not delete this block or else acme-client will not work.%0a%0a!! Configuration%0a%0aFirst, copy the%0a[[https://man.openbsd.org/acme-client.conf.5|acme-client.conf(5)]] template:%0a%0a[@%0a$ doas cp /etc/examples/acme-client.conf /etc/acme-client.conf%0a@]%0a%0aWe'll edit @@/etc/acme-client.conf@@ and analyze the meaning of each block:%0a%0a!!! Authority blocks%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a}%0a@]%0a%0aThis block defines the Certificate Authority%0a[[https://letsencrypt.org/|letsencrypt]]. It provides the API URL and the%0alocation of the account key.%0a%0a'''Note''': Let's Encrypt%0a[[https://letsencrypt.org/docs/rate-limits/|rate-limits]] the number of%0acertificate signing requests you can make. If you encounter an error and are%0aunable to request a TLS cert, please fix all errors before requesting again.%0aIf you request too many certs in a short time, your domain will get blacklisted%0afor a few hours or a few days. To avoid this delay, use the authority%0a@@letsencrypt-staging@@ first and make sure you succeed with that before using%0athe authority @@letsencrypt@@.%0a%0aAlthough we are using Let's Encrypt for this tutorial, it is important to%0arealize that having the majority of all Internet servers depend upon a single%0aprovider is dangerous. For this reason, it would be beneficial for our network%0ato someday run its own Certificate Authority. This can prevent censorship of%0adomains and other security issues.%0a%0a[@%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a}%0a@]%0a%0a@@letsencrypt-staging@@ is a staging server which you can use to practice%0arequesting fake certificates. The rate limits for the staging server are less%0astrict, so you should practice first with this CA.%0a%0aFor both of these blocks, we will want to add our contact email, so we add%0a@@contact "mailto:me@example.com"@@ inside both blocks. (Make sure to include%0a@@mailto:@@):%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a@]%0a%0aNext, the default%0a[[https://man.openbsd.org/acme-client.conf.5|acme-client.conf(5)]] defines two%0amore authorities:%0a%0a[@%0aauthority buypass {%0a api url "https://api.buypass.com/acme/directory"%0a account key "/etc/acme/buypass-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority buypass-test {%0a api url "https://api.test4.buypass.no/acme/directory"%0a account key "/etc/acme/buypass-test-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a@]%0a%0aThese two blocks are the same as for @@letsencrypt@@, but with the alternative%0aprovider [[https://buypass.com/|buypass]]. You can use @@buypass@@ to improve%0aCA diversity, or if you have issues with @@letsencrypt@@, such as rate-limits.%0aMake sure to replace the contact email with your own email.%0a%0a!!! Domain Block%0a%0aNext, we define our domains which we will issue certificate signing requests%0afor:%0a%0a[@%0adomain example.com {%0a alternative names { secure.example.com }%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a sign with letsencrypt%0a}%0a@]%0a%0aFirst, replace every appearance of @@example.com@@ with your own domain.%0a%0aEach TLS cert is valid for only for a single '''common name''' and a set of%0a'''alternative names''' that are provided on the certificate. In the default example, the%0aTLS certificate has the common name @@example.com@@ and the alternative%0aname @@secure.example.com@@. You could change the alternative name to%0a@@www.example.com@@ and @@mail.example.com@@. In this guide, we will comment out this line, since%0awe do not want to complicate the example with [[tls/san|Subject Alternative Names]].%0a%0a'''Warning''': While a handful of alternative names are fine, using too many%0aalternative names can cause%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] to fail. We recommend%0akeeping the number of alternative names to 5 or fewer.%0a%0a'''Warning''': Having the @@alternative names@@ directive with nothing inside%0awill cause errors. The example below will cause errors:%0a%0a[@%0aalternative names { }%0a@]%0a%0aIf you don't need any alternative names, comment this line out by putting a #%0aat the beginning of the line, like so:%0a%0a[@%0a# alternative names { }%0a@]%0a%0a'''Note''': If you add an alternative name to the conf file, but the cert%0aalready exists, you must remove the old public cert first before requesting a%0anew one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will%0acomplain there is an unknown [[tls/san|Subject Alternative Name]].%0a%0aNext, the @@domain key@@ and @@domain full chain certificate@@ tell%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] where to put the%0aprivate key and certificate:%0a%0a[@%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a@]%0a%0a'''Note''': By default,%0a[[https://man.openbsd.org/acme-client.conf.5|acme-client.conf(5)]]%0auses the path @@/etc/ssl/example.com.fullchain.pem@@ for the full chain%0acertificate. Our guide, however, changes the path to%0a@@/etc/ssl/example.com.crt@@. We make this change because we later plan to use%0a[[relayd/acceleration|relayd]] to provide SSL acceleration, and%0a[[relayd/acceleration|relayd]] hard codes the paths it searches for the public%0aand private keypair. [[https://man.openbsd.org/relayd.8|relayd(8)]] will only%0asearch for public certificates that end in the @@.crt@@ suffix; it will ignore%0acertificates that end with the suffix @@.fullchain.pem@@.%0a%0aIn our configuration, the public key will go inside the folder @@/etc/ssl@@,%0aand the private key will go inside @@/etc/ssl/private@@.%0a%0aThe line @@sign with letsencrypt@@ line tells%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] which Certificate%0aAuthority (which you defined in the authority blocks) to use.%0a%0aFor testing purposes, you may want to change it to @@letsencrypt-staging@@. You%0acan also consider using @@buypass@@ or @@buypass-test@@.%0a%0a'''Note''': staging or testing certificates are not recognized by most browsers%0aand will be rejected as an invalid certificate. After you finish testing with a%0astaging certificate, remember to change this line back to an accepted authority%0a(such as @@sign with letsencrypt@@)!%0a%0a!! Requesting Certificates%0a%0aAfter you have finished configuring the conf file, we can request certificates:%0a%0a[@%0a$ doas acme-client -Fv example.com%0a@]%0a%0aIf there are no errors, you should see something similar to the following output:%0a%0a[@%0a$ doas acme-client -Fv example.com%0aacme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0aacme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key%0aacme-client: https://acme-v02.api.letsencrypt.org/directory: directories%0aacme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248%0aacme-client: acme-v02.api.letsencrypt.org: DNS: 2606:4700:60:0:f53d:5624:85c7:3a2c%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/429811085347%0aacme-client: challenge, token: ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ, status: 0%0aacme-client: /var/www/acme/ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk: created%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ: challenge%0aacme-client: order.status 0%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/429811085347%0aacme-client: challenge, token: ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ, status: 0%0aacme-client: /var/www/acme/ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk: created%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ: challenge%0aacme-client: order.status 0%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/429811085347%0aacme-client: challenge, token: ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ, status: 2%0aacme-client: order.status 1%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/2055551047/322888040587: certificate%0aacme-client: order.status 3%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/cert/04189299823525c8271ab890b189e381835a: certificate%0aacme-client: /etc/ssl/example.com.crt: created%0a@]%0a%0aThe last line says that the public certificate was generated. If you see that%0alast line, it's a success!%0a%0aYou now have two certificates, the public key inside%0a@@/etc/ssl/example.com.crt@@, and the private key inside%0a@@/etc/ssl/private/example.com.key@@:%0a%0a[@%0a$ doas ls -l /etc/ssl/example.com.crt /etc/ssl/private/example.com.key%0a-r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/example.com.crt%0a-r-------- 1 root wheel 3272 Feb 25 02:10 /etc/ssl/private/example.com.key%0a@]%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days, while Buypass certs expire after%0a180. For both, you must remember to request the TLS cert before expiration, or%0aTLS will stop validating properly. To avoid forgetting, we can automate the%0arequest process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a@]%0a%0aThis cronjob will check the certificate once each day, at a random time of day,%0ato see if it needs to be renewed. If it does, it will renew the cert.%0a%0a!! Troubleshooting%0a%0aIf acme-client fails, there are several possible causes:%0a%0a!!! Domain Not Listed%0a%0aIf you add a new alternative name inside your domain block in%0a[[https://man.openbsd.org/acme-client.conf|acme-client.conf(5)]], you will see%0athis error:%0a %0a[@%0aacme-client: /etc/ssl/example.com.crt: domain not listed: new.example.com%0a@]%0a%0aHere, @@new.example.com@@ was a new alternative name you added. The solution is%0ato move your old public cert and private key to a new location. This creates a%0abackup in case the next certificate signing request fails. Then, request a new%0acert again.%0a%0a[@%0a$ doas mv /etc/ssl/example.com.crt /etc/ssl/example.com.crt.bak%0a$ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a$ doas acme-client -Fv example.com%0a@]%0a%0a!!! Missing Domain Records%0a%0aIf you see an error message like the following, it's possible that your domain%0arecords are missing:%0a%0a[@%0aacme-client: DNS problem: NXDOMAIN looking up A for example.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for example.com - check that a DNS record exists for this domain%0aacme-client: bad exit: netproc(58463): 1%0a@]%0a%0aAs mentioned earlier, it is important to test that your DNS records are set up%0aproperly by using [[host/usage|host]] or [[dig/usage|dig]] before running%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]]:%0a%0a[@%0a$ host example.com%0aHost example.com not found: 3(NXDOMAIN)%0a@]%0a%0aAn NXDOMAIN (Non-eXistent DOMAIN) response indicates the DNS record is missing.%0a%0aProperly configured records should appear as follows:%0a%0a[@%0aexample.com has address 93.184.216.34%0aexample.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a@]%0a%0aYou will either need to speak with your DNS provider or troubleshoot your%0aauthoritative nameserver, which on OpenBSD is usually [[nsd/troubleshoot|nsd]].%0aIf DNS records are missing or incorrect, fix these before continuing with%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]].%0a%0aThe IPv4 and IPv6 address must exactly match the IPs that%0a[[openhttpd/configure|OpenHTTPd]] is listening on. If they do not match, you%0amust fix this.%0a%0a'''Note''': You '''cannot''' request certificates for a domain that doesn't%0apoint to your server! The domain must point to an IP address your server%0acontrols.%0a%0aLastly, if your DNS record includes an IPv6 address, make sure your web server%0ais listening on IPv6. If the DNS record contains an IPv4 address, make sure%0ayour web server is listening on IPv4.%0a%0a!!! OpenHTTPd Misconfigured%0a%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] uses the%0a[[https://https://letsencrypt.org/docs/challenge-types/|http-01]] challenge. A%0afile is created with a special message in @@/var/www/acme/@@, and the%0acertificate authority requests that file using the URL%0a@@http://example.com/.well-known/acme-challenge/*@@. )%0a%0aIf [[openhttpd/configure|openhttpd]] is not configured and running properly,%0aacme-client won't work.%0a%0aTo test if your web server is serving documents properly, use%0a[[telnet/http|telnet]] or [[netcat/http|netcat]]. Make sure to run%0a[[telnet/http|telnet]] and [[netcat/http|netcat]] on another computer that is%0anot the web server:%0a%0a[@%0a$ telnet example.com 80%0a@]%0a%0aThen type these two lines:%0a%0a[@%0aGET /index.html HTTP/1.1%0aHost: example.com%0a@]%0a%0aIf you do not get the correct response, double check your%0a[[openhttpd/configure|openhttpd configuration]].%0a%0a'''Note''': A web browser can also be used for testing, but check to make sure%0athat your web browser is not automatically enforcing SSL/TLS. The certificate%0aauthority will only check port 80 (plaintext), not port 443 (encrypted with%0aTLS).%0a%0a!!! Incorrect File Permissions%0a%0aDouble check @@/var/www@@ and @@/var/www/acme@@ to ensure they have correct%0afile permissions:%0a%0a[@%0a$ ls -ld /var/www /var/www/acme%0adrwxr-xr-x 10 root daemon 512 Oct 5 07:47 /var/www%0adrwxr-xr-x 2 root daemon 512 Oct 5 07:47 /var/www/acme%0a@]%0a%0aSee Also:%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a|| [[openhttpd/configure|Configure OpenHTTPd]] || Configure HTTPd ||%0a|| [[telnet/http|Telnet HTTP]] || Use Telnet to Troubleshoot HTTP ||%0a|| [[openssl/http|OpenSSL HTTP]] || Use OpenSSL to Troubleshoot HTTPS ||%0a
+time=1731549475
title=Configuring Acme-client
+author:1731549475=jrmu
+diff:1731549475:1731548898:=338,343d337%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]] uses the%0a%3c [[https://https://letsencrypt.org/docs/challenge-types/|http-01]] challenge. A%0a%3c file is created with a special message in @@/var/www/acme/@@, and the%0a%3c certificate authority requests that file using the URL%0a%3c @@http://example.com/.well-known/acme-challenge/*@@. )%0a%3c %0a345c339,341%0a%3c acme-client won't work.%0a---%0a> [[https://man.openbsd.org/acme-client.1|acme-client(1)]] won't work.%0a> %0a> (acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. )%0a
+host:1731549475=198.251.82.194
+author:1731548898=jrmu
+csum:1731548898=Clarify errors related to DNS records
+diff:1731548898:1731548539:=293,295c293,297%0a%3c If you see an error message like the following, it's possible that your domain%0a%3c records are missing:%0a%3c %0a---%0a> It's possible that your domain records are missing. As mentioned earlier, it%0a> is important to test that your DNS records are set up properly by using%0a> [[host/usage|host]] or [[dig/usage|dig]] before running%0a> [[https://man.openbsd.org/acme-client.1|acme-client(1)]]:%0a> %0a297,298c299%0a%3c acme-client: DNS problem: NXDOMAIN looking up A for example.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for example.com - check that a DNS record exists for this domain%0a%3c acme-client: bad exit: netproc(58463): 1%0a---%0a> $ host example.com%0a301,304c302,303%0a%3c As mentioned earlier, it is important to test that your DNS records are set up%0a%3c properly by using [[host/usage|host]] or [[dig/usage|dig]] before running%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]]:%0a%3c %0a---%0a> You should see one or two records like the following:%0a> %0a306,307c305,306%0a%3c $ host example.com%0a%3c Host example.com not found: 3(NXDOMAIN)%0a---%0a> example.com has address 93.184.216.34%0a> example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a310,313c309,310%0a%3c An NXDOMAIN (Non-eXistent DOMAIN) response indicates the DNS record is missing.%0a%3c %0a%3c Properly configured records should appear as follows:%0a%3c %0a---%0a> If you have missing records, you will see this response:%0a> %0a315,316c312%0a%3c example.com has address 93.184.216.34%0a%3c example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a---%0a> Host example.com not found: 3(NXDOMAIN)%0a321,322c317%0a%3c If DNS records are missing or incorrect, fix these before continuing with%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]].%0a---%0a> If DNS records are missing or incorrect, fix these first.%0a
+host:1731548898=198.251.82.194
+author:1731548539=jrmu
+diff:1731548539:1731547855:=209d208%0a%3c acme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0a210a210%0a> acme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0a213,217c213,216%0a%3c acme-client: acme-v02.api.letsencrypt.org: DNS: 2606:4700:60:0:f53d:5624:85c7:3a2c%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/429811085347%0a%3c acme-client: challenge, token: ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ, status: 0%0a%3c acme-client: /var/www/acme/ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk: created%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ: challenge%0a---%0a> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0a> acme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 0%0a> acme-client: /var/www/acme/uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs: created%0a> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A: challenge%0a219,225c218,219%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/429811085347%0a%3c acme-client: challenge, token: ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ, status: 0%0a%3c acme-client: /var/www/acme/ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk: created%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ: challenge%0a%3c acme-client: order.status 0%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/429811085347%0a%3c acme-client: challenge, token: ORORKoTwrtvDrb3tfLusX4rbar1BlJALiVx5i-CtZXk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/429811085347/Kca9eQ, status: 2%0a---%0a> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0a> acme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 2%0a227c221%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/2055551047/322888040587: certificate%0a---%0a> acme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/113861127/8112730231: certificate%0a229c223%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/cert/04189299823525c8271ab890b189e381835a: certificate%0a---%0a> acme-client: https://acme-v02.api.letsencrypt.org/acme/cert/03f7fd846802cb0689c2bbd7b6f5e89eb66b: certificate%0a233,234c227%0a%3c The last line says that the public certificate was generated. If you see that%0a%3c last line, it's a success!%0a---%0a> The last line says that the public certificate was generated. If you see that, it's a success!%0a
+host:1731548539=198.251.82.194
+author:1731547855=jrmu
+diff:1731547855:1731482958:=194,195c194,195%0a%3c staging certificate, remember to change this line back to an accepted authority%0a%3c (such as @@sign with letsencrypt@@)!%0a---%0a> staging certificate, remember change this line back to an accepted authority%0a> (such as @@sign with letsencrypt@@).%0a
+host:1731547855=198.251.82.194
+author:1731482958=jrmu
+diff:1731482958:1731482046:=265,267c265%0a%3c If you add a new alternative name inside your domain block in%0a%3c [[https://man.openbsd.org/acme-client.conf|acme-client.conf(5)]], you will see%0a%3c this error:%0a---%0a> If you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a273,277c271,272%0a%3c Here, @@new.example.com@@ was a new alternative name you added. The solution is%0a%3c to move your old public cert and private key to a new location. This creates a%0a%3c backup in case the next certificate signing request fails. Then, request a new%0a%3c cert again.%0a%3c %0a---%0a> Here, @@new.example.com@@ was a new alternative name you added. The solution is to move your old public cert and private key to a new location (to back it up). Then, request the cert again.%0a> %0a281d275%0a%3c $ doas acme-client -Fv example.com%0a283a278,283%0a> Then request the cert again:%0a> %0a> [@%0a> $ doas acme-client -Fv example.com%0a> @]%0a> %0a286,290c286,287%0a%3c It's possible that your domain records are missing. As mentioned earlier, it%0a%3c is important to test that your DNS records are set up properly by using%0a%3c [[host/usage|host]] or [[dig/usage|dig]] before running%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]]:%0a%3c %0a---%0a> It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a> %0a308,323c305,312%0a%3c You will either need to speak with your DNS provider or troubleshoot your%0a%3c authoritative nameserver, which on OpenBSD is usually [[nsd/troubleshoot|nsd]].%0a%3c If DNS records are missing or incorrect, fix these first.%0a%3c %0a%3c The IPv4 and IPv6 address must exactly match the IPs that%0a%3c [[openhttpd/configure|OpenHTTPd]] is listening on. If they do not match, you%0a%3c must fix this.%0a%3c %0a%3c '''Note''': You '''cannot''' request certificates for a domain that doesn't%0a%3c point to your server! The domain must point to an IP address your server%0a%3c controls.%0a%3c %0a%3c Lastly, if your DNS record includes an IPv6 address, make sure your web server%0a%3c is listening on IPv6. If the DNS record contains an IPv4 address, make sure%0a%3c your web server is listening on IPv4.%0a%3c %0a---%0a> You will either need to speak with your DNS provider or troubleshoot [[nsd/troubleshoot|nsd]]. If DNS records are missing or incorrect, fix these first.%0a> %0a> The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. If they do not match, you must fix this.%0a> %0a> '''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a> %0a> Lastly, if your DNS record includes an IPv6 address, make sure your web server is listening on IPv6. If the DNS record contains an IPv4 address, make sure your web server is listening on IPv4.%0a> %0a326,328c315,316%0a%3c If [[openhttpd/configure|openhttpd]] is not configured and running properly,%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]] won't work.%0a%3c %0a---%0a> If [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a> %0a331,335c319,320%0a%3c To test if your web server is serving documents properly, use%0a%3c [[telnet/http|telnet]] or [[netcat/http|netcat]]. Make sure to run%0a%3c [[telnet/http|telnet]] and [[netcat/http|netcat]] on another computer that is%0a%3c not the web server:%0a%3c %0a---%0a> To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain) on another computer.%0a> %0a337a323,324%0a> GET /index.html HTTP/1.1%0a> Host: example.com%0a340,354c327,330%0a%3c Then type these two lines:%0a%3c %0a%3c [@%0a%3c GET /index.html HTTP/1.1%0a%3c Host: example.com%0a%3c @]%0a%3c %0a%3c If you do not get the correct response, double check your%0a%3c [[openhttpd/configure|openhttpd configuration]].%0a%3c %0a%3c '''Note''': A web browser can also be used for testing, but check to make sure%0a%3c that your web browser is not automatically enforcing SSL/TLS. The certificate%0a%3c authority will only check port 80 (plaintext), not port 443 (encrypted with%0a%3c TLS).%0a%3c %0a---%0a> If you do not get the correct response, double check your [[openhttpd/configure|openhttpd configuration]].%0a> %0a> '''Note''': Although a web browser can also be used for testing, many web browsers automatically forward all port 80 requests to port 443. As a result, your web browser will only see what is listening on port 443, whereas the certificate authority tests port 80 only.%0a> %0a357,358c333%0a%3c Double check @@/var/www@@ and @@/var/www/acme@@ to ensure they have correct%0a%3c file permissions:%0a---%0a> Double check @@/var/www@@ and @@/var/www/acme@@ for correct file permissions:%0a
+host:1731482958=198.251.82.194
+author:1731482046=jrmu
+diff:1731482046:1731469322:=75,77c75,76%0a%3c @@contact "mailto:me@example.com"@@ inside both blocks. (Make sure to include%0a%3c @@mailto:@@):%0a%3c %0a---%0a> @@contact "mailto:me@example.com"@@ inside both blocks. (Make sure to include @@mailto:@@):%0a> %0a139,142c138,140%0a%3c alternative names can cause%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]] to fail. We recommend%0a%3c keeping the number of alternative names to 5 or fewer.%0a%3c %0a---%0a> alternative names can cause acme-client's certificate request to fail. We%0a> recommend keeping the number of alternative names to under 5.%0a> %0a162,165c160,161%0a%3c Next, the @@domain key@@ and @@domain full chain certificate@@ tell%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]] where to put the%0a%3c private key and certificate:%0a%3c %0a---%0a> Next, the @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a> %0a171,196c167,174%0a%3c '''Note''': By default,%0a%3c [[https://man.openbsd.org/acme-client.conf.5|acme-client.conf(5)]]%0a%3c uses the path @@/etc/ssl/example.com.fullchain.pem@@ for the full chain%0a%3c certificate. Our guide, however, changes the path to%0a%3c @@/etc/ssl/example.com.crt@@. We make this change because we later plan to use%0a%3c [[relayd/acceleration|relayd]] to provide SSL acceleration, and%0a%3c [[relayd/acceleration|relayd]] hard codes the paths it searches for the public%0a%3c and private keypair. [[https://man.openbsd.org/relayd.8|relayd(8)]] will only%0a%3c search for public certificates that end in the @@.crt@@ suffix; it will ignore%0a%3c certificates that end with the suffix @@.fullchain.pem@@.%0a%3c %0a%3c In our configuration, the public key will go inside the folder @@/etc/ssl@@,%0a%3c and the private key will go inside @@/etc/ssl/private@@.%0a%3c %0a%3c The line @@sign with letsencrypt@@ line tells%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]] which Certificate%0a%3c Authority (which you defined in the authority blocks) to use.%0a%3c %0a%3c For testing purposes, you may want to change it to @@letsencrypt-staging@@. You%0a%3c can also consider using @@buypass@@ or @@buypass-test@@.%0a%3c %0a%3c '''Note''': staging or testing certificates are not recognized by most browsers%0a%3c and will be rejected as an invalid certificate. After you finish testing with a%0a%3c staging certificate, remember change this line back to an accepted authority%0a%3c (such as @@sign with letsencrypt@@).%0a%3c %0a---%0a> The public key goes inside the folder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a> %0a> The line @@sign with letsencrypt@@ line tells Acme-client which Certificate Authority (which you defined in the Authority Blocks) to use.%0a> %0a> For testing purposes, you may want to change it to @@letsencrypt-staging@@. You can also consider using @@buypass@@ or @@buypass-test@@.%0a> %0a> '''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority (such as @@sign with letsencrypt@@).%0a> %0a229,232c207,208%0a%3c You now have two certificates, the public key inside%0a%3c @@/etc/ssl/example.com.crt@@, and the private key inside%0a%3c @@/etc/ssl/private/example.com.key@@:%0a%3c %0a---%0a> You now have two certificates, the public key inside @@/etc/ssl/example.com.crt@@, and the private key inside @@/etc/ssl/private/example.com.key@@:%0a> %0a241,245c217,218%0a%3c Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after%0a%3c 180. For both, you must remember to request the TLS cert before expiration, or%0a%3c TLS will stop validating properly. To avoid forgetting, we can automate the%0a%3c request process using [[crontab/edit|crontab]].%0a%3c %0a---%0a> Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a> %0a256,257c229%0a%3c This cronjob will check the certificate once each day, at a random time of day,%0a%3c to see if it needs to be renewed. If it does, it will renew the cert.%0a---%0a> This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a
+host:1731482046=198.251.82.194
author:1731469322=jrmu
diff:1731469322:1731469126:=137,143c137,140%0a%3c '''Warning''': While a handful of alternative names are fine, using too many%0a%3c alternative names can cause acme-client's certificate request to fail. We%0a%3c recommend keeping the number of alternative names to under 5.%0a%3c %0a%3c '''Warning''': Having the @@alternative names@@ directive with nothing inside%0a%3c will cause errors. The example below will cause errors:%0a%3c %0a---%0a> If you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, we recommend keeping the number of alternative names to under 5.%0a> %0a> '''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. For example, the below will cause errors:%0a> %0a148,150c145,146%0a%3c If you don't need any alternative names, comment this line out by putting a #%0a%3c at the beginning of the line, like so:%0a%3c %0a---%0a> If you don't need any alternative names, you should comment this line out by putting a # at the beginning of the line, like so:%0a> %0a155,158c151%0a%3c '''Note''': If you add an alternative name to the conf file, but the cert%0a%3c already exists, you must remove the old public cert first before requesting a%0a%3c new one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will%0a%3c complain there is an unknown [[tls/san|Subject Alternative Name]].%0a---%0a> '''Note''': If you add an alternative name to the conf file, but the cert already exists, you must remove the old public cert first before requesting a new one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will complain there is an unknown '''Subject Alternative Name'''.%0a
host:1731469322=198.251.82.194
blob - 37c6ab6817e82cbc9aa06967f1f58c1d4e312daf
blob + 73db8d856d0c2242744fce449a8268d43ddde9db
--- wiki.d/Acme-client.RecentChanges
+++ wiki.d/Acme-client.RecentChanges
ctime=1614076701
host=198.251.82.194
name=Acme-client.RecentChanges
-rev=72
-text=* [[Acme-client/Configure]] . . . @2024-11-13T03:42:02Z by [[~jrmu]]: [==]%0a* [[Acme-client/AutoRenew]] . . . July 03, 2022, at 11:50 AM by [[~mkf]]: [==]%0a
-time=1731469322
+rev=78
+text=* [[Acme-client/Configure]] . . . @2024-11-14T01:57:55Z by [[~jrmu]]: [==]%0a* [[Acme-client/AutoRenew]] . . . July 03, 2022, at 11:50 AM by [[~mkf]]: [==]%0a
+time=1731549475
blob - /dev/null
blob + f1d15fd13246487cdb78f2e557b4d9ec67a12462 (mode 644)
--- /dev/null
+++ wiki.d/Acme-client.Configure-Draft,del-1731467796
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1614076701
+host=198.251.82.194
+name=Acme-client.Configure-Draft
+rev=64
+targets=Openhttpd.Configure,Dns.Overview,Host.Usage,Netcat.Http,Crontab.Edit,Nsd.Troubleshoot,Telnet.Http,Openssl.Http
+text=(:title Configuring Acme-client:)%0a%0aTo enable TLS, you will want a certificate signed by a trusted certificate%0aauthority (CA). In this guide, we'll use OpenBSD's%0a[[https://man.openbsd.org/acme-client.1|acme-client(1)]] with Let's Encrypt.%0a%0a!! Overview%0a%0aTLS (Transport Layer Security) aka SSL (Secure Sockets Layer) is the encryption security measure that enables browsers to recognize a website as "secure". In modern browsers the SSL information can be accessed by clicking the padlock icon in the address bar. %0a%0aSSL certificates are obtained from CAs (Certificate Authorities). Currently, the only free CAs are [[https://letsencrypt.org/getting-started/ | Lets Encrypt]], [[https://www.buypass.com/ssl/products/acme | Buypass]] and [[https://zerossl.com/ | ZeroSSL]]. You can request an SSL cert for your web domain using an Automatic Certificate Management Environment (ACME) client such as OpenBSD's Acme-client, which we will configure in this article.%0a%0a!!! Before You Begin %0a%0aYou will first need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need properly functioning [[dns/overview|DNS records]] for your hostname (@@username.example.com@@). If you are using a training vps, it is likely that DNS records for your hostname have already been set up for you.%0a%0aYou can and should test the two configurations using [[host/usage|host]] and [[netcat/http|netcat]].%0a%0aNote: You must have a server block in [[https://man.openbsd.org/httpd.conf|/etc/httpd.conf]] listening on port 80. Do not delete this block or else acme-client will not work.%0a%0a!! Configuration%0a%0aFirst, copy the [[https://man.openbsd.org/acme-client.conf|acme-client.conf]] template:%0a%0a[@%0a$ doas cp /etc/examples/acme-client.conf /etc/acme-client.conf%0a@]%0a%0aWe'll open up [@ /etc/acme-client.conf @] and analyze the meaning of each block:%0a%0a!!! Authority blocks%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a}%0a@]%0a%0aThis defines the Certificate Authority [[https://letsencrypt.org/|letsencrypt]]. It provides the API URL and the location of the account key.%0a%0a'''Note''': Let's Encrypt [[https://letsencrypt.org/docs/rate-limits/|rate-limits]] the number of SSL certs you can request. If you encounter an error and are unable to request an SSL cert, please fix all errors before requesting again. If you request too many certs in a short time, your domain will get blacklisted for a few hours or days. To avoid issues, use letsencrypt-staging first and make sure you get success with that before using letsencrypt.%0a%0aAlthough we are using Let's Encrypt for this tutorial, it is important to note that having the majority of servers depend upon a single provider is dangerous. For this reason, it would be beneficial to someday have the community run its own Certificate Authority to avoid censorship of domains or other security issues.%0a%0a[@%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a}%0a@]%0a%0aletsencrypt-staging is a staging server which you can use to practice requesting fake certificates. The rate limits for the staging server are less strict, so you should practice first with this CA.%0a%0aTo both of these blocks, we will want to add our contact email, so we add [@contact "mailto:me@example.com" @] inside both blocks. (make sure to have the @@mailto:@@):%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a@]%0a%0aNext, the default [[https://man.openbsd.org/acme-client.conf|acme-client.conf]] defines two more authorities:%0a%0a[@%0aauthority buypass {%0a api url "https://api.buypass.com/acme/directory"%0a account key "/etc/acme/buypass-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority buypass-test {%0a api url "https://api.test4.buypass.no/acme/directory"%0a account key "/etc/acme/buypass-test-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a@]%0a%0aThese two blocks are the same as for letsencrypt, but with the alternative provider [[https://buypass.com/|buypass]]. Make sure to replace the contact email with your own email.%0a%0a!!! Domain Block%0a%0a[@%0adomain example.com {%0a alternative names { secure.example.com }%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a sign with letsencrypt%0a}%0a@]%0a%0aFirst, replace every appearance of @@example.com@@ with your own domain.%0a%0aEach SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@example.com@@ and the alternative names @@www.example.com@@ and @@mail.example.com@@. You can safely skip this by commenting out this line (see warning below)%0a%0aIf you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, we recommend keeping the number of alternative names to under 5.%0a%0a'''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. For example, the below will cause errors:%0a%0a[@%0aalternative names { }%0a@]%0a%0aIf you don't need any alternative names, you should comment this line out by putting a # at the beginning of the line, like so:%0a%0a[@%0a# alternative names { }%0a@]%0a%0a'''Note''': If you add an alternative name to the conf file, but the cert already exists, you must remove the old public cert first before requesting a new one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will complain there is an unknown '''Subject Alternative Name'''.%0a%0aNext, the @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a%0a[@%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a@]%0a%0aThe public key goes inside the folder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a%0aThe line @@sign with letsencrypt@@ line tells Acme-client which Certificate Authority (which you defined in the Authority Blocks) to use.%0a%0aFor testing purposes, you may want to change it to @@letsencrypt-staging@@. You can also consider using @@buypass@@ or @@buypass-test@@.%0a%0a'''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority (such as @@sign with letsencrypt@@).%0a%0a!! Requesting Certificates%0a%0aAfter you have finished configuring the conf file, we can request certificates:%0a%0a[@%0a$ doas acme-client -Fv example.com%0a@]%0a%0aIf there are no errors, you should see something similar to the following output:%0a%0a[@%0a$ doas acme-client -Fv example.com%0aacme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key%0aacme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0aacme-client: https://acme-v02.api.letsencrypt.org/directory: directories%0aacme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0aacme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 0%0aacme-client: /var/www/acme/uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs: created%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A: challenge%0aacme-client: order.status 0%0aacme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0aacme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 2%0aacme-client: order.status 1%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/113861127/8112730231: certificate%0aacme-client: order.status 3%0aacme-client: https://acme-v02.api.letsencrypt.org/acme/cert/03f7fd846802cb0689c2bbd7b6f5e89eb66b: certificate%0aacme-client: /etc/ssl/example.com.crt: created%0a@]%0a%0aThe last line says that the public certificate was generated. If you see that, it's a success!%0a%0aYou now have two certificates, the public key inside @@/etc/ssl/example.com.crt@@, and the private key inside @@/etc/ssl/private/example.com.key@@:%0a%0a[@%0a$ doas ls -l /etc/ssl/example.com.crt /etc/ssl/private/example.com.key%0a-r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/example.com.crt%0a-r-------- 1 root wheel 3272 Feb 25 02:10 /etc/ssl/private/example.com.key%0a@]%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a@]%0a%0aThis cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a%0a!! Troubleshooting%0a%0aIf acme-client fails, there are several possible causes:%0a%0a!!! Domain Not Listed%0a%0aIf you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a %0a[@%0aacme-client: /etc/ssl/example.com.crt: domain not listed: new.example.com%0a@]%0a%0aHere, @@new.example.com@@ was a new alternative name you added. The solution is to move your old public cert and private key to a new location (to back it up). Then, request the cert again.%0a%0a[@%0a$ doas mv /etc/ssl/example.com.crt /etc/ssl/example.com.crt.bak%0a$ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a@]%0a%0aThen request the cert again:%0a%0a[@%0a$ doas acme-client -Fv example.com%0a@]%0a%0a!!! Missing Domain Records%0a%0aIt's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a%0a[@%0a$ host example.com%0a@]%0a%0aYou should see one or two records like the following:%0a%0a[@%0aexample.com has address 93.184.216.34%0aexample.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a@]%0a%0aIf you have missing records, you will see this response:%0a%0a[@%0aHost example.com not found: 3(NXDOMAIN)%0a@]%0a%0aYou will either need to speak with your DNS provider or troubleshoot [[nsd/troubleshoot|nsd]]. If DNS records are missing or incorrect, fix these first.%0a%0aThe IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. If they do not match, you must fix this.%0a%0a'''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a%0aLastly, if your DNS record includes an IPv6 address, make sure your web server is listening on IPv6. If the DNS record contains an IPv4 address, make sure your web server is listening on IPv4.%0a%0a!!! OpenHTTPd Misconfigured%0a%0aIf [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a%0a(acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. )%0a%0aTo test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain) on another computer.%0a%0a[@%0a$ telnet example.com 80%0aGET /index.html HTTP/1.1%0aHost: example.com%0a@]%0a%0aIf you do not get the correct response, double check your [[openhttpd/configure|openhttpd configuration]].%0a%0a'''Note''': Although a web browser can also be used for testing, many web browsers automatically forward all port 80 requests to port 443. As a result, your web browser will only see what is listening on port 443, whereas the certificate authority tests port 80 only.%0a%0a!!! Incorrect File Permissions%0a%0aDouble check @@/var/www@@ and @@/var/www/acme@@ for correct file permissions:%0a%0a[@%0a$ ls -ld /var/www /var/www/acme%0adrwxr-xr-x 10 root daemon 512 Oct 5 07:47 /var/www%0adrwxr-xr-x 2 root daemon 512 Oct 5 07:47 /var/www/acme%0a@]%0a%0aSee Also:%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a|| [[openhttpd/configure|Configure OpenHTTPd]] || Configure HTTPd ||%0a|| [[telnet/http|Telnet HTTP]] || Use Telnet to Troubleshoot HTTP ||%0a|| [[openssl/http|OpenSSL HTTP]] || Use OpenSSL to Troubleshoot HTTPS ||%0a
+time=1731466737
+title=Configuring Acme-client
+author:1731466737=jrmu
+diff:1731466737:1677449211:=3,5c3%0a%3c To enable TLS, you will want a certificate signed by a trusted certificate%0a%3c authority (CA). In this guide, we'll use OpenBSD's%0a%3c [[https://man.openbsd.org/acme-client.1|acme-client(1)]] with Let's Encrypt.%0a---%0a> To enable TLS, you will want a certificate signed by a trusted certificate authority (CA). In this guide, we'll use OpenBSD's [[https://man.openbsd.org/acme-client|acme-client]] with Let's Encrypt.%0a
+host:1731466737=198.251.82.194
+author:1677449211=jrmu
+csum:1677449211=Revert as I'm not sure if /etc/daily.local is better
+diff:1677449211:1676040598:=175,176c175,176%0a%3c Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a%3c %0a---%0a> Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]] by writing script at @@/etc/daily.local@@%0a> %0a178c178%0a%3c $ doas crontab -e%0a---%0a> $ nano /etc/daily.local%0a181,182c181,182%0a%3c Add this line at the bottom:%0a%3c %0a---%0a> Add this code at the script file:%0a> %0a184c184,186%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a---%0a> #!/bin/ksh%0a> %0a> acme-client -v example.com >> /var/log/acme-client.log 2>&1%0a187c189,190%0a%3c This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a---%0a> %0a> This cronjob script will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a
+host:1677449211=38.87.162.8
+author:1676040598=Yonle
+diff:1676040598:1676040568:=186c186%0a%3c acme-client -v example.com >> /var/log/acme-client.log 2>&1%0a---%0a> acme-client example.com >> /var/log/acme-client.log 2>&1%0a
+host:1676040598=114.125.5.157
+author:1676040568=Yonle
+diff:1676040568:1676040479:=181c181%0a%3c Add this code at the script file:%0a---%0a> Add this line at the script file:%0a
+host:1676040568=114.125.5.157
+author:1676040479=Yonle
+csum:1676040479=Use /etc/daily.local
+diff:1676040479:1655193716:=175,176c175,176%0a%3c Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]] by writing script at @@/etc/daily.local@@%0a%3c %0a---%0a> Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a> %0a178c178%0a%3c $ nano /etc/daily.local%0a---%0a> $ doas crontab -e%0a181,182c181,182%0a%3c Add this line at the script file:%0a%3c %0a---%0a> Add this line at the bottom:%0a> %0a184,186c184%0a%3c #!/bin/ksh%0a%3c %0a%3c acme-client example.com >> /var/log/acme-client.log 2>&1%0a---%0a> ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a189,190c187%0a%3c %0a%3c This cronjob script will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a---%0a> This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a
+host:1676040479=114.125.5.157
+author:1655193716=jrmu
+diff:1655193716:1655192828:=173,176c173,180%0a%3c !! Automation%0a%3c %0a%3c Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a%3c %0a---%0a> !! Troubleshooting%0a> %0a> If acme-client fails, there are several possible causes:%0a> %0a> !!! Domain Not Listed%0a> %0a> If you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a> %0a178c182%0a%3c $ doas crontab -e%0a---%0a> acme-client: /etc/ssl/example.com.crt: domain not listed: new.example.com%0a181,182c185,186%0a%3c Add this line at the bottom:%0a%3c %0a---%0a> Here, @@new.example.com@@ was a new alternative name you added. The solution is to move your old public cert and private key to a new location (to back it up). Then, request the cert again.%0a> %0a184c188,189%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a---%0a> $ doas mv /etc/ssl/example.com.crt /etc/ssl/example.com.crt.bak%0a> $ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a187,196c192,193%0a%3c This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c If acme-client fails, there are several possible causes:%0a%3c %0a%3c !!! Domain Not Listed%0a%3c %0a%3c If you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a%3c %0a---%0a> Then request the cert again:%0a> %0a198c195%0a%3c acme-client: /etc/ssl/example.com.crt: domain not listed: new.example.com%0a---%0a> $ doas acme-client -Fv example.com%0a201,202c198,201%0a%3c Here, @@new.example.com@@ was a new alternative name you added. The solution is to move your old public cert and private key to a new location (to back it up). Then, request the cert again.%0a%3c %0a---%0a> !!! Missing Domain Records%0a> %0a> It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a> %0a204,205c203%0a%3c $ doas mv /etc/ssl/example.com.crt /etc/ssl/example.com.crt.bak%0a%3c $ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a---%0a> $ host example.com%0a208,209c206,207%0a%3c Then request the cert again:%0a%3c %0a---%0a> You should see one or two records like the following:%0a> %0a211c209,210%0a%3c $ doas acme-client -Fv example.com%0a---%0a> example.com has address 93.184.216.34%0a> example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a214,217c213,214%0a%3c !!! Missing Domain Records%0a%3c %0a%3c It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a%3c %0a---%0a> If you have missing records, you will see this response:%0a> %0a219c216%0a%3c $ host example.com%0a---%0a> Host example.com not found: 3(NXDOMAIN)%0a222,234d218%0a%3c You should see one or two records like the following:%0a%3c %0a%3c [@%0a%3c example.com has address 93.184.216.34%0a%3c example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a%3c @]%0a%3c %0a%3c If you have missing records, you will see this response:%0a%3c %0a%3c [@%0a%3c Host example.com not found: 3(NXDOMAIN)%0a%3c @]%0a%3c %0a249,250c233,234%0a%3c To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain) on another computer.%0a%3c %0a---%0a> To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain) from another computer:%0a> %0a257,264c241,242%0a%3c If you do not get the correct response, double check your [[openhttpd/configure|openhttpd configuration]].%0a%3c %0a%3c '''Note''': Although a web browser can also be used for testing, many web browsers automatically forward all port 80 requests to port 443. As a result, your web browser will only see what is listening on port 443, whereas the certificate authority tests port 80 only.%0a%3c %0a%3c !!! Incorrect File Permissions%0a%3c %0a%3c Double check @@/var/www@@ and @@/var/www/acme@@ for correct file permissions:%0a%3c %0a---%0a> You should a response similar to the one below:%0a> %0a266,268c244,251%0a%3c $ ls -ld /var/www /var/www/acme%0a%3c drwxr-xr-x 10 root daemon 512 Oct 5 07:47 /var/www%0a%3c drwxr-xr-x 2 root daemon 512 Oct 5 07:47 /var/www/acme%0a---%0a> HTTP/1.0 302 Found%0a> Date: Tue, 23 Feb 2021 14:01:28 GMT%0a> OpenBSD httpd%0a> Connection: close%0a> Content-Type: text/html%0a> Content-Length: 486%0a> Location: https://example.com/index.html%0a> ...%0a269a253,283%0a> %0a> If you do not get this response, double check your openhttpd configuration.%0a> %0a> '''Note''': Using the telnet command above is more reliable than visiting the URL in a web browser. By default, httpd.conf (and most web browsers) will forward all requests for port 80 to port 443. As a result, your web browser will see what is listening on port 443, but the certificate authority will test port 80 only.%0a> %0a> %0a> !!! Incorrect File Permissions%0a> %0a> Double check the file permissions for /var/www and /var/www/acme:%0a> %0a> [@%0a> $ ls -ld /var/www /var/www/acme%0a> drwxr-xr-x 10 root daemon 512 Oct 5 07:47 /var/www%0a> drwxr-xr-x 2 root daemon 512 Oct 5 07:47 /var/www/acme%0a> @]%0a> %0a> !! Automation%0a> %0a> Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a> %0a> [@%0a> $ doas crontab -e%0a> @]%0a> %0a> Add this line at the bottom:%0a> %0a> [@%0a> ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a> @]%0a> %0a> This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a
+host:1655193716=38.87.162.154
+author:1655192828=jrmu
+diff:1655192828:1655192572:=212a213,222%0a> The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on.%0a> %0a> '''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a> %0a> There are a few possible mistakes:%0a> %0a> # Your web server is listening only one IPv4 but your DNS record includes IPv6; or vice versa.%0a> # You have the wrong IP addresses.%0a> # DNS records are missing.%0a> %0a219,225c229%0a%3c You will either need to speak with your DNS provider or troubleshoot [[nsd/troubleshoot|nsd]]. If DNS records are missing or incorrect, fix these first.%0a%3c %0a%3c The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. If they do not match, you must fix this.%0a%3c %0a%3c '''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a%3c %0a%3c Lastly, if your DNS record includes an IPv6 address, make sure your web server is listening on IPv6. If the DNS record contains an IPv4 address, make sure your web server is listening on IPv4.%0a---%0a> You will either need to speak with your DNS provider or you will need to troubleshoot [[nsd/troubleshoot|nsd]].%0a
+host:1655192828=38.87.162.154
+author:1655192572=jrmu
+diff:1655192572:1655191866:=125,136c125,131%0a%3c The public key goes inside the folder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a%3c %0a%3c The line @@sign with letsencrypt@@ line tells Acme-client which Certificate Authority (which you defined in the Authority Blocks) to use.%0a%3c %0a%3c For testing purposes, you may want to change it to @@letsencrypt-staging@@. You can also consider using @@buypass@@ or @@buypass-test@@.%0a%3c %0a%3c '''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority (such as @@sign with letsencrypt@@).%0a%3c %0a%3c !! Requesting Certificates%0a%3c %0a%3c After you have finished configuring the conf file, we can request certificates:%0a%3c %0a---%0a> Replace @@example.com@@ with your real domain. The public key goes inside the folder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a> %0a> %0a> sign with: %0a> %0a> this line tells Acme-client which CA (that you defined in the Authority Blocks) to use.%0a> %0a138c133%0a%3c $ doas acme-client -Fv example.com%0a---%0a> sign with letsencrypt%0a141,142c136,143%0a%3c If there are no errors, you should see something similar to the following output:%0a%3c %0a---%0a> would cause it to use the CA @@ letsencrypt @@. For testing purposes, change it to @@ letsencrypt-staging @@. If you want to use @@ buypass @@ or it's testing CA @@ buypass-test @@, then change it accordingly.%0a> %0a> '''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority (@@sign with letsencrypt@@).%0a> %0a> !! Requesting Certificates%0a> %0a> After you have finished configuring the conf file, we can request certificates:%0a> %0a144a146,153%0a> @]%0a> %0a> replace @@ example.com @@ with your domain.%0a> %0a> If there are no errors, you should see something similar to the following output:%0a> %0a> [@%0a> $ doas acme-client -Fv example.com%0a163,166c172,175%0a%3c The last line says that the public certificate was generated. If you see that, it's a success!%0a%3c %0a%3c You now have two certificates, the public key inside @@/etc/ssl/example.com.crt@@, and the private key inside @@/etc/ssl/private/example.com.key@@:%0a%3c %0a---%0a> Note the last line: it says that the public certificate was generated. If you see that, it's a success!%0a> %0a> You now have two certificates, the public key inside @@/etc/ssl/example.com.crt@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to):%0a> %0a169,170c178,179%0a%3c -r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/example.com.crt%0a%3c -r-------- 1 root wheel 3272 Feb 25 02:10 /etc/ssl/private/example.com.key%0a---%0a> -r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/jrmu.coconut.ircnow.org.crt%0a> -r-------- 1 root wheel 3272 Feb 25 02:10 /etc/ssl/private/jrmu.coconut.ircnow.org.key%0a185,186c194,197%0a%3c Here, @@new.example.com@@ was a new alternative name you added. The solution is to move your old public cert and private key to a new location (to back it up). Then, request the cert again.%0a%3c %0a---%0a> Here, @@new.example.com@@ was a new alternative name I added. The solution is to move your old public cert and private key to a new location (rather than deleting it, back it up!)%0a> %0a> Example (using example.com):%0a> %0a197a209%0a> %0a217c229%0a%3c There are a few possible mistakes:%0a---%0a> There are a few possible mistakes:%0a
+host:1655192572=38.87.162.154
+author:1655191866=jrmu
+diff:1655191866:1655191536:=98,105c98,105%0a%3c First, replace every appearance of @@example.com@@ with your own domain.%0a%3c %0a%3c Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@example.com@@ and the alternative names @@www.example.com@@ and @@mail.example.com@@. You can safely skip this by commenting out this line (see warning below)%0a%3c %0a%3c If you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, we recommend keeping the number of alternative names to under 5.%0a%3c %0a%3c '''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. For example, the below will cause errors:%0a%3c %0a---%0a> domain: This would configure acme-client for the domain @@ example.com @@. Replace every appearance of @@ example.com @@ with your own domain, which might look like @@ username.fruit.ircnow.org @@.%0a> %0a> alternative names: Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@ example.ircnow.org @@ and the alternative names @@ fruit.ircnow.org @@ and @@ vegetable.ircnow.org @@. You can safely skip this by commenting out this line (see warning below)%0a> %0a> If you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, I recommend keeping the number of alternative names to under 5.%0a> %0a> '''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. The below will cause errors:%0a> %0a116,118c116,121%0a%3c '''Note''': If you add an alternative name to the conf file, but the cert already exists, you must remove the old public cert first before requesting a new one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will complain there is an unknown '''Subject Alternative Name'''.%0a%3c %0a%3c Next, the @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a---%0a> %0a> '''Note''': If you add an alternative name to the conf file, but the cert already exists, you must remove the old public cert first before requesting a new one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will complain there is an unknown Subject Alternative Name.%0a> %0a> domain key, domain full chain certificate:%0a> %0a> The @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a
+host:1655191866=38.87.162.154
+author:1655191536=jrmu
+diff:1655191536:1649038510:=42c42%0a%3c Although we are using Let's Encrypt for this tutorial, it is important to note that having the majority of servers depend upon a single provider is dangerous. For this reason, it would be beneficial to someday have the community run its own Certificate Authority to avoid censorship of domains or other security issues.%0a---%0a> Although we are using Let's Encrypt for this tutorial, it is important to note that Let's Encrypt currently has a monopoly on free SSL certs. For this reason, IRCNow wants to run its own Certificate Authority in case Let's Encrypt should try to censor our domains.%0a
+host:1655191536=38.87.162.154
+author:1649038510=jrmu
+diff:1649038510:1644404186:=299c299%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1%0a---%0a> ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && rcctl reload httpd%0a302c302%0a%3c This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert.%0a---%0a> This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert, then reload openhttpd to use it.%0a
+host:1649038510=38.87.162.154
+author:1644404186=SummerSonw
+csum:1644404186=https://acme-staging-v02.api.letsencrypt.org/directory
+diff:1644404186:1644404177:=
+host:1644404186=203.77.49.232
+author:1644404177=SummerSonw
+csum:1644404177=https://acme-staging-v02.api.letsencrypt.org/directory
+diff:1644404177:1644404155:=
+host:1644404177=203.77.49.232
+author:1644404155=SummerSonw
+csum:1644404155=https://acme-staging-v02.api.letsencrypt.org/directory
+diff:1644404155:1643583464:=46c46%0a%3c api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a---%0a> api url "https://acme-staging.api.letsencrypt.org/directory"%0a
+host:1644404155=203.77.49.232
+author:1643583464=jrmu
+diff:1643583464:1643202311:=299c299%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && rcctl reload httpd%0a---%0a> ~ ~ * * * acme-client example.com && rcctl reload httpd%0a
+host:1643583464=38.87.162.8
+author:1643202311=Naglfar
+csum:1643202311=Update crontab reference
+diff:1643202311:1642281315:=290c290%0a%3c Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/edit|crontab]].%0a---%0a> Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/configure|crontab]].%0a
+host:1643202311=92.191.225.58
+author:1642281315=jan6
+csum:1642281315=fix renewal crontab to run randomly once a day, not once an hour
+diff:1642281315:1636907615:minor=299c299%0a%3c ~ ~ * * * acme-client example.com && rcctl reload httpd%0a---%0a> ~ * * * * acme-client example.com && rcctl reload httpd%0a
+host:1642281315=2a01:4f9:c010:291f::1
+author:1636907615=theguest
+diff:1636907615:1635981333:minor=9c9%0a%3c SSL certificates are obtained from CAs (Certificate Authorities). Currently, the only free CAs are [[https://letsencrypt.org/getting-started/ | Lets Encrypt]], [[https://www.buypass.com/ssl/products/acme | Buypass]] and [[https://zerossl.com/ | ZeroSSL]]. You can request an SSL cert for your web domain using an Automatic Certificate Management Environment (ACME) client such as OpenBSD's Acme-client, which we will configure in this article.%0a---%0a> SSL certificates are obtained from CA's (Certificate Authorities). Currently, the only free CA is Lets Encrypt. You can request an SSL cert for your web domain using an Automatic Certificate Management Environment (ACME) client such as OpenBSD's Acme-client, which we will configure in this article.%0a
+host:1636907615=38.87.162.129
+author:1635981333=jrmu
+diff:1635981333:1635936085:=93c93%0a%3c domain full chain certificate "/etc/ssl/example.com.crt"%0a---%0a> domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a125c125%0a%3c domain full chain certificate "/etc/ssl/example.com.crt"%0a---%0a> domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a172c172%0a%3c acme-client: /etc/ssl/example.com.crt: created%0a---%0a> acme-client: /etc/ssl/example.com.fullchain.pem: created%0a177,178c177,178%0a%3c You now have two certificates, the public key inside @@/etc/ssl/example.com.crt@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to):%0a%3c %0a---%0a> You now have two certificates, the public key inside @@/etc/ssl/example.com.fullchain.pem@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to):%0a> %0a180,181c180,181%0a%3c $ doas ls -l /etc/ssl/example.com.crt /etc/ssl/private/example.com.key%0a%3c -r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/jrmu.coconut.ircnow.org.crt%0a---%0a> $ doas ls -l /etc/ssl/example.com.fullchain.pem /etc/ssl/private/example.com.key%0a> -r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/jrmu.coconut.ircnow.org.fullchain.pem%0a194c194%0a%3c acme-client: /etc/ssl/example.com.crt: domain not listed: new.example.com%0a---%0a> acme-client: /etc/ssl/example.com.fullchain.pem: domain not listed: new.example.com%0a202c202%0a%3c $ doas mv /etc/ssl/example.com.crt /etc/ssl/example.com.crt.bak%0a---%0a> $ doas mv /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.fullchain.pem.bak%0a
+host:1635981333=38.87.162.47
+author:1635936085=jrmu
+diff:1635936085:1629257098:=11,15c11,15%0a%3c !!! Before You Begin %0a%3c %0a%3c You will first need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need properly functioning [[dns/overview|DNS records]] for your hostname (@@username.example.com@@). If you are using a training vps, it is likely that DNS records for your hostname have already been set up for you.%0a%3c %0a%3c You can and should test the two configurations using [[host/usage|host]] and [[netcat/http|netcat]].%0a---%0a> !!! Prerequisites %0a> %0a> Openhttpd:%0a> %0a> Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning [[dns/overview|DNS records]] for your hostname, which might look like @@username.fruit.ircnow.org@@. If you are using a training vps, it is likely that your DNS record (your domain) is already set up for now, and will have the form @@username.host.ircnow.org@@%0a
+host:1635936085=38.87.162.47
+author:1629257098=craziness
+csum:1629257098=fixed a misspelling
+diff:1629257098:1626873311:=128c128%0a%3c Replace @@example.com@@ with your real domain. The public key goes inside the folder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a---%0a> Replace @@example.com@@ with your real domain. The public key goes inside the forlder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a
+host:1629257098=2601:546:8200:3710::66f4
+author:1626873311=mistera
+diff:1626873311:1626873281:=141c141%0a%3c '''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority (@@sign with letsencrypt@@).%0a---%0a> '''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority.%0a
+host:1626873311=204.111.39.57
+author:1626873281=mistera
+diff:1626873281:1626871882:=
+host:1626873281=204.111.39.57
+author:1626871882=mistera
+diff:1626871882:1626871865:=55c55%0a%3c [@%0a---%0a> @@%0a67c67%0a%3c @]%0a---%0a> @@%0a
+host:1626871882=204.111.39.57
+author:1626871865=mistera
+diff:1626871865:1626871816:=55c55%0a%3c @@%0a---%0a> [@%0a67c67%0a%3c @@%0a---%0a> @]%0a
+host:1626871865=204.111.39.57
+author:1626871816=mistera
+diff:1626871816:1626871739:=53c53%0a%3c To both of these blocks, we will want to add our contact email, so we add [@contact "mailto:me@example.com" @] inside both blocks. (make sure to have the @@mailto:@@):%0a---%0a> To both of these blocks, we will want to add our contact email, so we add @@contact mailto:me@example.com @@ inside both blocks:%0a
+host:1626871816=204.111.39.57
+author:1626871739=mistera
+diff:1626871739:1626871579:=53c53%0a%3c To both of these blocks, we will want to add our contact email, so we add @@contact mailto:me@example.com @@ inside both blocks:%0a---%0a> To both of these blocks, we will want to add our contact email, so we add @@contact "mailto:me@example.com"@@ inside both blocks:%0a
+host:1626871739=204.111.39.57
+author:1626871579=mistera
+diff:1626871579:1626788685:=27c27%0a%3c We'll open up [@ /etc/acme-client.conf @] and analyze the meaning of each block:%0a---%0a> We'll open up /etc/acme-client.conf and analyze the meaning of each block:%0a
+host:1626871579=204.111.39.57
+author:1626788685=mistera
+diff:1626788685:1626786887:=5c5%0a%3c !! Overview%0a---%0a> !! Theory%0a
+host:1626788685=204.111.39.57
+author:1626786887=mistera
+diff:1626786887:1619180493:=5,16c5,8%0a%3c !! Theory%0a%3c %0a%3c TLS (Transport Layer Security) aka SSL (Secure Sockets Layer) is the encryption security measure that enables browsers to recognize a website as "secure". In modern browsers the SSL information can be accessed by clicking the padlock icon in the address bar. %0a%3c %0a%3c SSL certificates are obtained from CA's (Certificate Authorities). Currently, the only free CA is Lets Encrypt. You can request an SSL cert for your web domain using an Automatic Certificate Management Environment (ACME) client such as OpenBSD's Acme-client, which we will configure in this article.%0a%3c %0a%3c !!! Prerequisites %0a%3c %0a%3c Openhttpd:%0a%3c %0a%3c Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning [[dns/overview|DNS records]] for your hostname, which might look like @@username.fruit.ircnow.org@@. If you are using a training vps, it is likely that your DNS record (your domain) is already set up for now, and will have the form @@username.host.ircnow.org@@%0a%3c %0a---%0a> !! Setting up OpenHTTPd%0a> %0a> Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning [[dns/overview|DNS records]] for your hostname, which might look like @@username.fruit.ircnow.org@@.%0a> %0a29,30d20%0a%3c !!! Authority blocks%0a%3c %0a40,41c30,31%0a%3c '''Note''': Let's Encrypt [[https://letsencrypt.org/docs/rate-limits/|rate-limits]] the number of SSL certs you can request. If you encounter an error and are unable to request an SSL cert, please fix all errors before requesting again. If you request too many certs in a short time, your domain will get blacklisted for a few hours or days. To avoid issues, use letsencrypt-staging first and make sure you get success with that before using letsencrypt.%0a%3c %0a---%0a> '''Note''': Let's Encrypt [[https://letsencrypt.org/docs/rate-limits/|rate-limits]] the number of SSL certs you can request. If you encounter an error and are unable to request an SSL cert, please fix all errors before requesting again. If you request too many certs in a short time, your domain will get blacklisted for a few hours or days.%0a> %0a87,88d76%0a%3c !!! Domain Block%0a%3c %0a98,101c86,89%0a%3c domain: This would configure acme-client for the domain @@ example.com @@. Replace every appearance of @@ example.com @@ with your own domain, which might look like @@ username.fruit.ircnow.org @@.%0a%3c %0a%3c alternative names: Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@ example.ircnow.org @@ and the alternative names @@ fruit.ircnow.org @@ and @@ vegetable.ircnow.org @@. You can safely skip this by commenting out this line (see warning below)%0a%3c %0a---%0a> This configures acme-client for the domain example.com. You'll want to replace every appearance of @@example.com@@ with your own domain, which might look like @@username.fruit.ircnow.org@@.%0a> %0a> Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@example.ircnow.org@@ and the alternative names @@fruit.ircnow.org@@ and @@vegetable.ircnow.org@@.%0a> %0a119,120d106%0a%3c domain key, domain full chain certificate:%0a%3c %0a128,134c114,117%0a%3c Replace @@example.com@@ with your real domain. The public key goes inside the forlder @@/etc/ssl@@ and the private key goes inside @@/etc/ssl/private@@.%0a%3c %0a%3c %0a%3c sign with: %0a%3c %0a%3c this line tells Acme-client which CA (that you defined in the Authority Blocks) to use.%0a%3c %0a---%0a> You will want to replace @@example.com@@ with your real domain. The public key should go inside @@/etc/ssl@@ and the private key should go inside @@/etc/ssl/private@@.%0a> %0a> If you want to sign with buypass, test a staging certificate (to avoid using up your rate-limit), or switch to another authority, then edit this line:%0a> %0a139,142c122,128%0a%3c would cause it to use the CA @@ letsencrypt @@. For testing purposes, change it to @@ letsencrypt-staging @@. If you want to use @@ buypass @@ or it's testing CA @@ buypass-test @@, then change it accordingly.%0a%3c %0a%3c '''Note''': staging or testing certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, change this line back to an official authority.%0a%3c %0a---%0a> Change it to match one of your defined authorities. For example:%0a> %0a> # To test with letsencrypt-staging, replace it with @@sign with letsencrypt-staging@@.%0a> # To sign with buypass, replace it with @@sign with buypass@@.%0a> %0a> '''Note''': staging certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, you will want to get a properly signed one.%0a> %0a151,152d136%0a%3c replace @@ example.com @@ with your domain.%0a%3c %0a175,176c159,160%0a%3c Note the last line: it says that the public certificate was generated. If you see that, it's a success!%0a%3c %0a---%0a> Pay attention to the last line: it says that the public certificate was generated. If you see that, it's a success!%0a> %0a189,192c173,176%0a%3c !!! Domain Not Listed%0a%3c %0a%3c If you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a%3c %0a---%0a> !!! Missing Domain Records%0a> %0a> It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a> %0a194c178%0a%3c acme-client: /etc/ssl/example.com.fullchain.pem: domain not listed: new.example.com%0a---%0a> $ host example.com%0a197,200c181,182%0a%3c Here, @@new.example.com@@ was a new alternative name I added. The solution is to move your old public cert and private key to a new location (rather than deleting it, back it up!)%0a%3c %0a%3c Example (using example.com):%0a%3c %0a---%0a> You should see one or two records like the following:%0a> %0a202,203c184,185%0a%3c $ doas mv /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.fullchain.pem.bak%0a%3c $ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a---%0a> example.com has address 93.184.216.34%0a> example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a206,207c188,199%0a%3c Then request the cert again:%0a%3c %0a---%0a> The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on.%0a> %0a> '''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a> %0a> There are a few possible mistakes:%0a> %0a> # Your web server is listening only one IPv4 but your DNS record includes IPv6; or vice versa.%0a> # You have the wrong IP addresses.%0a> # DNS records are missing.%0a> %0a> If you have missing records, you will see this response:%0a> %0a209c201%0a%3c $ doas acme-client -Fv example.com%0a---%0a> Host example.com not found: 3(NXDOMAIN)%0a212,216c204,211%0a%3c %0a%3c !!! Missing Domain Records%0a%3c %0a%3c It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a%3c %0a---%0a> You will either need to speak with your DNS provider or you will need to troubleshoot [[nsd/troubleshoot|nsd]].%0a> %0a> !!! OpenHTTPd Misconfigured%0a> %0a> acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. If [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a> %0a> To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain):%0a> %0a218c213,215%0a%3c $ host example.com%0a---%0a> $ telnet example.com 80%0a> GET /index.html HTTP/1.1%0a> Host: example.com%0a221,222c218,219%0a%3c You should see one or two records like the following:%0a%3c %0a---%0a> You should a response similar to the one below:%0a> %0a224,225c221,228%0a%3c example.com has address 93.184.216.34%0a%3c example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a---%0a> HTTP/1.0 302 Found%0a> Date: Tue, 23 Feb 2021 14:01:28 GMT%0a> OpenBSD httpd%0a> Connection: close%0a> Content-Type: text/html%0a> Content-Length: 486%0a> Location: https://example.com/index.html%0a> ...%0a228,239c231,238%0a%3c The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on.%0a%3c %0a%3c '''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a%3c %0a%3c There are a few possible mistakes:%0a%3c %0a%3c # Your web server is listening only one IPv4 but your DNS record includes IPv6; or vice versa.%0a%3c # You have the wrong IP addresses.%0a%3c # DNS records are missing.%0a%3c %0a%3c If you have missing records, you will see this response:%0a%3c %0a---%0a> If you do not get this response, double check your openhttpd configuration.%0a> %0a> '''Note''': Using the telnet command above is more reliable than visiting the URL in a web browser. By default, httpd.conf (and most web browsers) will forward all requests for port 80 to port 443. As a result, your web browser will see what is listening on port 443, but the certificate authority will test port 80 only.%0a> %0a> !!! Domain Not Listed%0a> %0a> If you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a> %0a241c240%0a%3c Host example.com not found: 3(NXDOMAIN)%0a---%0a> acme-client: /etc/ssl/example.com.fullchain.pem: domain not listed: new.example.com%0a244,253c243,244%0a%3c You will either need to speak with your DNS provider or you will need to troubleshoot [[nsd/troubleshoot|nsd]].%0a%3c %0a%3c !!! OpenHTTPd Misconfigured%0a%3c %0a%3c If [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a%3c %0a%3c (acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. )%0a%3c %0a%3c To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain) from another computer:%0a%3c %0a---%0a> Here, @@new.example.com@@ was a new alternative name I added. The solution is to move your old public cert and private key to a new location, then request the cert again:%0a> %0a255,257c246,247%0a%3c $ telnet example.com 80%0a%3c GET /index.html HTTP/1.1%0a%3c Host: example.com%0a---%0a> $ doas mv /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.fullchain.pem.bak%0a> $ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a260,261c250,251%0a%3c You should a response similar to the one below:%0a%3c %0a---%0a> Again, you must replace @@example.com@@ with your actual domain. Then:%0a> %0a263,270c253%0a%3c HTTP/1.0 302 Found%0a%3c Date: Tue, 23 Feb 2021 14:01:28 GMT%0a%3c OpenBSD httpd%0a%3c Connection: close%0a%3c Content-Type: text/html%0a%3c Content-Length: 486%0a%3c Location: https://example.com/index.html%0a%3c ...%0a---%0a> $ doas acme-client -Fv example.com%0a272,276d254%0a%3c %0a%3c If you do not get this response, double check your openhttpd configuration.%0a%3c %0a%3c '''Note''': Using the telnet command above is more reliable than visiting the URL in a web browser. By default, httpd.conf (and most web browsers) will forward all requests for port 80 to port 443. As a result, your web browser will see what is listening on port 443, but the certificate authority will test port 80 only.%0a%3c %0a
+host:1626786887=204.111.39.57
+author:1619180493=jrmu
+diff:1619180493:1619176983:=105c105,106%0a%3c '''Note''': If you add an alternative name to the conf file, but the cert already exists, you must remove the old public cert first before requesting a new one. Otherwise, you will get @@unknown SAN error@@ -- acme-client will complain there is an unknown Subject Alternative Name.%0a---%0a> '+'''Please note that if you add an alternative name while there is already an existing cert, that you have to remove the old certs and then use continue.'''+'%0a> %0a
+host:1619180493=198.251.81.119
+author:1619176983=miniontoby
+csum:1619176983=cert
+diff:1619176983:1619176919:=104,107d103%0a%3c %0a%3c '+'''Please note that if you add an alternative name while there is already an existing cert, that you have to remove the old certs and then use continue.'''+'%0a%3c %0a%3c %0a281a278,282%0a> %0a> %0a> '+'''Please note that if you add an alternative name, that you have to remove the old certs and then use acme-client.'''+'%0a> %0a> %0a
+host:1619176983=77.168.188.164
+author:1619176919=miniontoby
+diff:1619176919:1614320419:=278,282d277%0a%3c %0a%3c %0a%3c '+'''Please note that if you add an alternative name, that you have to remove the old certs and then use acme-client.'''+'%0a%3c %0a%3c %0a
+host:1619176919=77.168.188.164
+author:1614320419=jrmu
+diff:1614320419:1614254423:=265c265%0a%3c Let's Encrypt TLS certs expire after 90 days, while Buypass certs expire after 180. For both, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/configure|crontab]].%0a---%0a> ACME TLS certs expire after 90 days. So, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/configure|crontab]].%0a
+host:1614320419=198.251.81.119
+author:1614254423=jrmu
+diff:1614254423:1614254344:=277c277%0a%3c This cronjob will check the certificate once each day, at a random time of day, to see if it needs to be renewed. If it does, it will renew the cert, then reload openhttpd to use it.%0a---%0a> This cronjob will check the certificate once a day to see if it needs to be renewed. If it does, it will renew the cert, then reload openhttpd to use it.%0a
+host:1614254423=198.251.81.119
+author:1614254344=jrmu
+diff:1614254344:1614248928:=262,277d261%0a%3c %0a%3c !! Automation%0a%3c %0a%3c ACME TLS certs expire after 90 days. So, you must remember to request the TLS cert or TLS will stop working. To avoid forgetting, we can automate the request process using [[crontab/configure|crontab]].%0a%3c %0a%3c [@%0a%3c $ doas crontab -e%0a%3c @]%0a%3c %0a%3c Add this line at the bottom:%0a%3c %0a%3c [@%0a%3c ~ * * * * acme-client example.com && rcctl reload httpd%0a%3c @]%0a%3c %0a%3c This cronjob will check the certificate once a day to see if it needs to be renewed. If it does, it will renew the cert, then reload openhttpd to use it.%0a
+host:1614254344=198.251.81.119
+author:1614248928=jrmu
+diff:1614248928:1614248764:=265,268c265,267%0a%3c || border=1 width=100%25 class="sortable simpletable"%0a%3c || [[openhttpd/configure|Configure OpenHTTPd]] || Configure HTTPd ||%0a%3c || [[telnet/http|Telnet HTTP]] || Use Telnet to Troubleshoot HTTP ||%0a%3c || [[openssl/http|OpenSSL HTTP]] || Use OpenSSL to Troubleshoot HTTPS ||%0a---%0a> [[openhttpd/configure|Configure OpenHTTPd]]%0a> [[telnet/HTTP|Telnet HTTP]]%0a> [[openssl/HTTP|OpenSSL HTTP]]%0a
+host:1614248928=198.251.81.119
+author:1614248764=jrmu
+diff:1614248764:1614248201:=247,252d246%0a%3c Again, you must replace @@example.com@@ with your actual domain. Then:%0a%3c %0a%3c [@%0a%3c $ doas acme-client -Fv example.com%0a%3c @]%0a%3c %0a261,267c255%0a%3c @]%0a%3c %0a%3c See Also:%0a%3c %0a%3c [[openhttpd/configure|Configure OpenHTTPd]]%0a%3c [[telnet/HTTP|Telnet HTTP]]%0a%3c [[openssl/HTTP|OpenSSL HTTP]]%0a---%0a> @]%0a\ No newline at end of file%0a
+host:1614248764=198.251.81.119
+author:1614248201=jrmu
+diff:1614248201:1614247880:=231,245d230%0a%3c %0a%3c !!! Domain Not Listed%0a%3c %0a%3c If you add a new alternative name inside your domain block in [[https://man.openbsd.org/acme-client.conf|/etc/acme-client.conf]], you will see this error:%0a%3c %0a%3c [@%0a%3c acme-client: /etc/ssl/example.com.fullchain.pem: domain not listed: new.example.com%0a%3c @]%0a%3c %0a%3c Here, @@new.example.com@@ was a new alternative name I added. The solution is to move your old public cert and private key to a new location, then request the cert again:%0a%3c %0a%3c [@%0a%3c $ doas mv /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.fullchain.pem.bak%0a%3c $ doas mv /etc/ssl/private/example.com.key /etc/ssl/private/example.com.key.bak%0a%3c @]%0a
+host:1614248201=198.251.81.119
+author:1614247880=jrmu
+diff:1614247880:1614247705:=185,190c185,186%0a%3c The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on.%0a%3c %0a%3c '''Note''': You '''cannot''' request a domain you don't own! The domain must point to an IP you own.%0a%3c %0a%3c There are a few possible mistakes:%0a%3c %0a---%0a> The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. There are a few possible mistakes:%0a> %0a240c236,241%0a%3c @]%0a\ No newline at end of file%0a---%0a> @]%0a> %0a> !! Common errors%0a> %0a> # Do not request domains you don't own%0a> # If you change the domains, you need to move the cert and request again%0a\ No newline at end of file%0a
+host:1614247880=198.251.81.119
+author:1614247705=jrmu
+diff:1614247705:1614247508:=
+host:1614247705=198.251.81.119
+author:1614247508=jrmu
+diff:1614247508:1614247487:=
+host:1614247508=198.251.81.119
+author:1614247487=jrmu
+diff:1614247487:1614245123:=134,135c134,135%0a%3c If there are no errors, you should see something similar to the following output:%0a%3c %0a---%0a> If all goes well, you should see something similar to the following output:%0a> %0a156,159c156%0a%3c Pay attention to the last line: it says that the public certificate was generated. If you see that, it's a success!%0a%3c %0a%3c You now have two certificates, the public key inside @@/etc/ssl/example.com.fullchain.pem@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to):%0a%3c %0a---%0a> %0a161,163c158%0a%3c $ doas ls -l /etc/ssl/example.com.fullchain.pem /etc/ssl/private/example.com.key%0a%3c -r--r--r-- 1 root wheel 4797 Feb 25 02:11 /etc/ssl/jrmu.coconut.ircnow.org.fullchain.pem%0a%3c -r-------- 1 root wheel 3272 Feb 25 02:10 /etc/ssl/private/jrmu.coconut.ircnow.org.key%0a---%0a> acme-client: /etc/ssl/example.com.fullchain.pem: created%0a164a160,174%0a> %0a> %0a> [@%0a> $ doas ls -l /etc/ssl/private%0a> -r-------- 1 root wheel 3272 Mar 28 22:16 example.com.key%0a> @]%0a> # A PEM certificate under /etc/ssl e.g.%0a> [@%0a> $ ls -l /etc/ssl/*.pem%0a> -r--r--r-- 1 root wheel 3937 Mar 28 22:16 example.com.fullchain.pem%0a> @]%0a> %0a> It would have the following output of running acme-client, generating a certificate for example.com%0a> %0a> You should now have two certificates, the public key inside @@/etc/ssl/example.com.fullchain.pem@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to).%0a
+host:1614247487=198.251.81.119
+author:1614245123=jrmu
+diff:1614245123:1614242993:=134,135c134,135%0a%3c If all goes well, you should see something similar to the following output:%0a%3c %0a---%0a> If all goes well, you should see the following line at the very bottom:%0a> %0a137,152d136%0a%3c $ doas acme-client -Fv example.com%0a%3c acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key%0a%3c acme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/directory: directories%0a%3c acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0a%3c acme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 0%0a%3c acme-client: /var/www/acme/uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs: created%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A: challenge%0a%3c acme-client: order.status 0%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/11133258838%0a%3c acme-client: challenge, token: uWHZmqhx6NEpcv25LEvodMAeymB1guTFVtyktVzkJgs, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/11133258838/_UI3-A, status: 2%0a%3c acme-client: order.status 1%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/113861127/8112730231: certificate%0a%3c acme-client: order.status 3%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/cert/03f7fd846802cb0689c2bbd7b6f5e89eb66b: certificate%0a156c140,149%0a%3c %0a---%0a> You should now have two certificates, the public key inside @@/etc/ssl/example.com.fullchain.pem@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to).%0a> %0a> !! Troubleshooting%0a> %0a> If acme-client fails, there are several possible causes:%0a> %0a> !!! Missing Domain Records%0a> %0a> It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a> %0a158c151%0a%3c acme-client: /etc/ssl/example.com.fullchain.pem: created%0a---%0a> $ host example.com%0a161c154,155%0a%3c %0a---%0a> You should see one or two records like the following:%0a> %0a163,164c157,158%0a%3c $ doas ls -l /etc/ssl/private%0a%3c -r-------- 1 root wheel 3272 Mar 28 22:16 example.com.key%0a---%0a> example.com has address 93.184.216.34%0a> example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a166c160,168%0a%3c # A PEM certificate under /etc/ssl e.g.%0a---%0a> %0a> The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. There are a few possible mistakes:%0a> %0a> # Your web server is listening only one IPv4 but your DNS record includes IPv6; or vice versa.%0a> # You have the wrong IP addresses.%0a> # DNS records are missing.%0a> %0a> If you have missing records, you will see this response:%0a> %0a168,169c170%0a%3c $ ls -l /etc/ssl/*.pem%0a%3c -r--r--r-- 1 root wheel 3937 Mar 28 22:16 example.com.fullchain.pem%0a---%0a> Host example.com not found: 3(NXDOMAIN)%0a172,183c173,180%0a%3c It would have the following output of running acme-client, generating a certificate for example.com%0a%3c %0a%3c You should now have two certificates, the public key inside @@/etc/ssl/example.com.fullchain.pem@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to).%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c If acme-client fails, there are several possible causes:%0a%3c %0a%3c !!! Missing Domain Records%0a%3c %0a%3c It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a%3c %0a---%0a> You will either need to speak with your DNS provider or you will need to troubleshoot [[nsd/troubleshoot|nsd]].%0a> %0a> !!! OpenHTTPd Misconfigured%0a> %0a> acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. If [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a> %0a> To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain):%0a> %0a185c182,184%0a%3c $ host example.com%0a---%0a> $ telnet example.com 80%0a> GET /index.html HTTP/1.1%0a> Host: example.com%0a188,189c187,188%0a%3c You should see one or two records like the following:%0a%3c %0a---%0a> You should a response similar to the one below:%0a> %0a191,192c190,197%0a%3c example.com has address 93.184.216.34%0a%3c example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a---%0a> HTTP/1.0 302 Found%0a> Date: Tue, 23 Feb 2021 14:01:28 GMT%0a> OpenBSD httpd%0a> Connection: close%0a> Content-Type: text/html%0a> Content-Length: 486%0a> Location: https://example.com/index.html%0a> ...%0a195,202c200,205%0a%3c The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. There are a few possible mistakes:%0a%3c %0a%3c # Your web server is listening only one IPv4 but your DNS record includes IPv6; or vice versa.%0a%3c # You have the wrong IP addresses.%0a%3c # DNS records are missing.%0a%3c %0a%3c If you have missing records, you will see this response:%0a%3c %0a---%0a> If you do not get this response, double check your openhttpd configuration.%0a> %0a> '''Note''': Using the telnet command above is more reliable than visiting the URL in a web browser. By default, httpd.conf (and most web browsers) will forward all requests to port 80 to port 443. As a result, your web browser will see what is listening on port 443, but the certificate authority will test port 80 only.%0a> %0a> # You have the proper permissions set on the folders in /var/www/. An example output would be,%0a> %0a204c207,218%0a%3c Host example.com not found: 3(NXDOMAIN)%0a---%0a> $ ls -l /var | grep www%0a> drwxr-xr-x 11 root daemon 512 Mar 28 05:28 www%0a> $ ls -l /var/www%0a> total 36%0a> drwxr-xr-x 2 root daemon 512 Mar 28 22:16 acme%0a> drwxr-xr-x 2 root daemon 512 Mar 14 06:12 bin%0a> drwx-----T 2 www daemon 512 Oct 12 12:34 cache%0a> drwxr-xr-x 2 root daemon 512 Mar 14 06:12 cgi-bin%0a> drwxr-xr-x 2 root daemon 512 Mar 14 06:03 conf%0a> drwxr-xr-x 3 root daemon 512 Oct 12 12:34 htdocs%0a> drwxr-xr-x 2 root daemon 512 Mar 29 00:00 logs%0a> drwxr-xr-x 2 root daemon 512 Oct 12 12:34 run%0a206,214c220,224%0a%3c %0a%3c You will either need to speak with your DNS provider or you will need to troubleshoot [[nsd/troubleshoot|nsd]].%0a%3c %0a%3c !!! OpenHTTPd Misconfigured%0a%3c %0a%3c acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. If [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a%3c %0a%3c To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain):%0a%3c %0a---%0a> # Your firewall is not configured to block Let's Encrypt certification verification process. Typically it will initiate a few servers to connect to port 80 on your server.%0a> %0a> !! Successful outcomes%0a> A successful outcome would result in:%0a> # A ASCII text file, suffixed with .key with your hostname in /etc/ssl/private e.g.%0a216,218c226,227%0a%3c $ telnet example.com 80%0a%3c GET /index.html HTTP/1.1%0a%3c Host: example.com%0a---%0a> $ doas ls -l /etc/ssl/private%0a> -r-------- 1 root wheel 3272 Mar 28 22:16 example.com.key%0a220,222c229%0a%3c %0a%3c You should a response similar to the one below:%0a%3c %0a---%0a> # A PEM certificate under /etc/ssl e.g.%0a224,231c231,232%0a%3c HTTP/1.0 302 Found%0a%3c Date: Tue, 23 Feb 2021 14:01:28 GMT%0a%3c OpenBSD httpd%0a%3c Connection: close%0a%3c Content-Type: text/html%0a%3c Content-Length: 486%0a%3c Location: https://example.com/index.html%0a%3c ...%0a---%0a> $ ls -l /etc/ssl/*.pem%0a> -r--r--r-- 1 root wheel 3937 Mar 28 22:16 example.com.fullchain.pem%0a234,241c235,236%0a%3c If you do not get this response, double check your openhttpd configuration.%0a%3c %0a%3c '''Note''': Using the telnet command above is more reliable than visiting the URL in a web browser. By default, httpd.conf (and most web browsers) will forward all requests for port 80 to port 443. As a result, your web browser will see what is listening on port 443, but the certificate authority will test port 80 only.%0a%3c %0a%3c !!! Incorrect File Permissions%0a%3c %0a%3c Double check the file permissions for /var/www and /var/www/acme:%0a%3c %0a---%0a> It would have the following output of running acme-client, generating a certificate for example.com%0a> %0a243,245c238,263%0a%3c $ ls -ld /var/www /var/www/acme%0a%3c drwxr-xr-x 10 root daemon 512 Oct 5 07:47 /var/www%0a%3c drwxr-xr-x 2 root daemon 512 Oct 5 07:47 /var/www/acme%0a---%0a> acme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0a> acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key%0a> acme-client: https://acme-v02.api.letsencrypt.org/directory: directories%0a> acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3674632835%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: challenge, token: mylkLrPXTvdyiTbDDybKy7M-0JyqiBr0nOg8UXnJ0uDL, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3674632835/-1tUXQ, status: 0%0a> acme-client: /var/www/acme/mylkLrPXTvdyiTbDDybKy7M-0JyqiBr0nOg8UXnJ0uDL: created%0a> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3674632835/-1tUXQ: challenge%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: order.status 0%0a> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3674632835%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: challenge, token: mylkLrPXTvdyiTbDDybKy7M-0JyqiBr0nOg8UXnJ0uDL, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3674632835/-1tUXQ, status: 2%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: order.status 1%0a> acme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/81817869/2815341474: certificate%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: order.status 3%0a> acme-client: https://acme-v02.api.letsencrypt.org/acme/cert/vxsJMODZOeZxwiuyq9Bz6jqgoRRRUak8ZQ3ob: certificate%0a> acme-client: 172.65.32.248: tls_close: EOF without close notify%0a> acme-client: /etc/ssl/example.com.fullchain.pem: created%0a
+host:1614245123=198.251.81.119
+author:1614242993=jrmu
+diff:1614242993:1614242757:=177,203c177,181%0a%3c acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. If [[openhttpd/configure|openhttpd]] is not configured and running properly, acme-client won't work.%0a%3c %0a%3c To test if your web server is running properly, use [[telnet/http|telnet]] (replacing @@example.com@@ with your domain):%0a%3c %0a%3c [@%0a%3c $ telnet example.com 80%0a%3c GET /index.html HTTP/1.1%0a%3c Host: example.com%0a%3c @]%0a%3c %0a%3c You should a response similar to the one below:%0a%3c %0a%3c [@%0a%3c HTTP/1.0 302 Found%0a%3c Date: Tue, 23 Feb 2021 14:01:28 GMT%0a%3c OpenBSD httpd%0a%3c Connection: close%0a%3c Content-Type: text/html%0a%3c Content-Length: 486%0a%3c Location: https://example.com/index.html%0a%3c ...%0a%3c @]%0a%3c %0a%3c If you do not get this response, double check your openhttpd configuration.%0a%3c %0a%3c '''Note''': Using the telnet command above is more reliable than visiting the URL in a web browser. By default, httpd.conf (and most web browsers) will forward all requests to port 80 to port 443. As a result, your web browser will see what is listening on port 443, but the certificate authority will test port 80 only.%0a%3c %0a---%0a> acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. If openhttpd is not configured and running properly, acme-client won't work.%0a> %0a> You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)%0a> # You have the proper permissions set on the folders in /var/www/. An example output would be,%0a> %0a
+host:1614242993=198.251.81.119
+author:1614242757=jrmu
+diff:1614242757:1614242252:=175,179c175%0a%3c !!! OpenHTTPd Misconfigured%0a%3c %0a%3c acme-client uses the "http-01" challenge. A file is created with a special message in @@/var/www/acme/@@, and the certificate authority requests that file using the URL @@http://example.com/.well-known/acme-challenge/*@@. If openhttpd is not configured and running properly, acme-client won't work.%0a%3c %0a%3c You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)%0a---%0a> # The [[Openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)%0a
+host:1614242757=198.251.81.119
+author:1614242252=jrmu
+diff:1614242252:1614242101:=164,174c164,171%0a%3c # You have the wrong IP addresses.%0a%3c # DNS records are missing.%0a%3c %0a%3c If you have missing records, you will see this response:%0a%3c %0a%3c [@%0a%3c Host example.com not found: 3(NXDOMAIN)%0a%3c @]%0a%3c %0a%3c You will either need to speak with your DNS provider or you will need to troubleshoot [[nsd/troubleshoot|nsd]].%0a%3c %0a---%0a> # %0a> %0a> %0a> Host blahblah.coconut.ircnow.org not found: 3(NXDOMAIN)%0a> %0a> If you %0a> %0a> [[nsd|DNS]] is configured properly%0a
+host:1614242252=198.251.81.119
+author:1614242101=jrmu
+diff:1614242101:1614241008:=144,173c144,149%0a%3c If acme-client fails, there are several possible causes:%0a%3c %0a%3c !!! Missing Domain Records%0a%3c %0a%3c It's possible that your domain records are missing. Run this command, replacing @@example.com@@ with your real hostname:%0a%3c %0a%3c [@%0a%3c $ host example.com%0a%3c @]%0a%3c %0a%3c You should see one or two records like the following:%0a%3c %0a%3c [@%0a%3c example.com has address 93.184.216.34%0a%3c example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946%0a%3c @]%0a%3c %0a%3c The IPv4 and IPv6 address must exactly match the IPs that [[openhttpd/configure|OpenHTTPd]] is listening on. There are a few possible mistakes:%0a%3c %0a%3c # Your web server is listening only one IPv4 but your DNS record includes IPv6; or vice versa.%0a%3c # %0a%3c %0a%3c %0a%3c Host blahblah.coconut.ircnow.org not found: 3(NXDOMAIN)%0a%3c %0a%3c If you %0a%3c %0a%3c [[nsd|DNS]] is configured properly%0a%3c # The [[Openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)%0a%3c # You have the proper permissions set on the folders in /var/www/. An example output would be,%0a---%0a> If you run into errors, check to make sure:%0a> %0a> # [[nsd|DNS]] is configured properly. %0a> # The [[Openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)%0a> # You have the proper permissions set on the folders in /var/www/. An example output would be,%0a> %0a
+host:1614242101=198.251.81.119
+author:1614241008=jrmu
+diff:1614241008:1614240851:=134,141d133%0a%3c If all goes well, you should see the following line at the very bottom:%0a%3c %0a%3c [@%0a%3c acme-client: /etc/ssl/example.com.fullchain.pem: created%0a%3c @]%0a%3c %0a%3c You should now have two certificates, the public key inside @@/etc/ssl/example.com.fullchain.pem@@, and the private key inside @@/etc/ssl/private/example.com.key@@ (or wherever you changed the path to).%0a%3c %0a143d134%0a%3c %0a
+host:1614241008=198.251.81.119
+author:1614240851=jrmu
+diff:1614240851:1614240518:=113,114c113,114%0a%3c If you want to sign with buypass, test a staging certificate (to avoid using up your rate-limit), or switch to another authority, then edit this line:%0a%3c %0a---%0a> If you want to sign with buypass or another authority instead of Let's Encrypt, then edit this line:%0a> %0a119,124c119%0a%3c Change it to match one of your defined authorities. For example:%0a%3c %0a%3c # To test with letsencrypt-staging, replace it with @@sign with letsencrypt-staging@@.%0a%3c # To sign with buypass, replace it with @@sign with buypass@@.%0a%3c %0a%3c '''Note''': staging certificates are not recognized by most browsers and will be rejected as an invalid certificate. After you finish testing with a staging certificate, you will want to get a properly signed one.%0a---%0a> Change it to match one of your defined authorities.%0a
+host:1614240851=198.251.81.119
+author:1614240518=jrmu
+diff:1614240518:1614239909:=43,44d42%0a%3c To both of these blocks, we will want to add our contact email, so we add @@contact "mailto:me@example.com"@@ inside both blocks:%0a%3c %0a46,49c44,48%0a%3c authority letsencrypt {%0a%3c api url "https://acme-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-privkey.pem"%0a%3c contact "mailto:me@example.com"%0a---%0a> domain example.com {%0a> alternative names { secure.example.com }%0a> domain key "/etc/ssl/private/example.com.key"%0a> domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a> sign with letsencrypt%0a51,56d49%0a%3c %0a%3c authority letsencrypt-staging {%0a%3c api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a%3c contact "mailto:me@example.com"%0a%3c }%0a59,60c52,59%0a%3c Next, the default [[https://man.openbsd.org/acme-client.conf|acme-client.conf]] defines two more authorities:%0a%3c %0a---%0a> This configures acme-client for the domain example.com. You'll want to replace every appearance of @@example.com@@ with your own domain, which might look like @@username.fruit.ircnow.org@@.%0a> %0a> Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@example.ircnow.org@@ and the alternative names @@fruit.ircnow.org@@ and @@vegetable.ircnow.org@@.%0a> %0a> If you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, I recommend keeping the number of alternative names to under 5.%0a> %0a> '''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. The below will cause errors:%0a> %0a62,72c61%0a%3c authority buypass {%0a%3c api url "https://api.buypass.com/acme/directory"%0a%3c account key "/etc/acme/buypass-privkey.pem"%0a%3c contact "mailto:me@example.com"%0a%3c }%0a%3c %0a%3c authority buypass-test {%0a%3c api url "https://api.test4.buypass.no/acme/directory"%0a%3c account key "/etc/acme/buypass-test-privkey.pem"%0a%3c contact "mailto:me@example.com"%0a%3c }%0a---%0a> alternative names { }%0a75,76c64,65%0a%3c These two blocks are the same as for letsencrypt, but with the alternative provider [[https://buypass.com/|buypass]]. Make sure to replace the contact email with your own email.%0a%3c %0a---%0a> If you don't need any alternative names, you should comment this line out by putting a # at the beginning of the line, like so:%0a> %0a78,83c67%0a%3c domain example.com {%0a%3c alternative names { secure.example.com }%0a%3c domain key "/etc/ssl/private/example.com.key"%0a%3c domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a%3c sign with letsencrypt%0a%3c }%0a---%0a> # alternative names { }%0a86,93c70,71%0a%3c This configures acme-client for the domain example.com. You'll want to replace every appearance of @@example.com@@ with your own domain, which might look like @@username.fruit.ircnow.org@@.%0a%3c %0a%3c Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@example.ircnow.org@@ and the alternative names @@fruit.ircnow.org@@ and @@vegetable.ircnow.org@@.%0a%3c %0a%3c If you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, I recommend keeping the number of alternative names to under 5.%0a%3c %0a%3c '''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. The below will cause errors:%0a%3c %0a---%0a> The @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a> %0a95c73,74%0a%3c alternative names { }%0a---%0a> domain key "/etc/ssl/private/example.com.key"%0a> domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a98,123c77,80%0a%3c If you don't need any alternative names, you should comment this line out by putting a # at the beginning of the line, like so:%0a%3c %0a%3c [@%0a%3c # alternative names { }%0a%3c @]%0a%3c %0a%3c The @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a%3c %0a%3c [@%0a%3c domain key "/etc/ssl/private/example.com.key"%0a%3c domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a%3c @]%0a%3c %0a%3c You will want to replace @@example.com@@ with your real domain. The public key should go inside @@/etc/ssl@@ and the private key should go inside @@/etc/ssl/private@@.%0a%3c %0a%3c If you want to sign with buypass or another authority instead of Let's Encrypt, then edit this line:%0a%3c %0a%3c [@%0a%3c sign with letsencrypt%0a%3c @]%0a%3c %0a%3c Change it to match one of your defined authorities.%0a%3c %0a%3c !! Requesting Certificates%0a%3c %0a%3c After you have finished configuring the conf file, we can request certificates:%0a---%0a> You will want to replace @@example.com@@ with your real domain. The public key should go inside @@/etc/ssl@@ and the private key should go inside @@/etc/ssl/private@@.%0a> %0a> Now, run acme-client:%0a> %0a
+host:1614240518=198.251.81.119
+author:1614239909=jrmu
+diff:1614239909:1614239863:=9c9%0a%3c Note: You must have a server block in [[https://man.openbsd.org/httpd.conf|/etc/httpd.conf]] listening on port 80. Do not delete this block or else acme-client will not work.%0a---%0a> Note: You must have a server block listening on port 80. Do not delete this block or else acme-client will not work.%0a
+host:1614239909=198.251.81.119
+author:1614239863=jrmu
+diff:1614239863:1614239297:=7c7%0a%3c Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning [[dns/overview|DNS records]] for your hostname, which might look like @@username.fruit.ircnow.org@@.%0a---%0a> Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning [[dns/overview|DNS record]], such as @@username.fruit.ircnow.org@@.%0a
+host:1614239863=198.251.81.119
+author:1614239297=jrmu
+diff:1614239297:1614238842:=54,59c54,57%0a%3c Each SSL cert is valid only for a '''common name''' and a set of '''alternative names''' that are provided on the certificate. For example, an SSL certificate might have the common name @@example.ircnow.org@@ and the alternative names @@fruit.ircnow.org@@ and @@vegetable.ircnow.org@@.%0a%3c %0a%3c If you use too many alternative names, an acme-client certificate request has a higher chance of failure. So, I recommend keeping the number of alternative names to under 5.%0a%3c %0a%3c '''Warning''': Having the @@alternative names@@ directive with nothing inside will cause errors. The below will cause errors:%0a%3c %0a---%0a> SSL certs%0a> %0a> Replace example.com with your domain. If you didn't use any alternative names, in the past, having:%0a> %0a64,65c62,63%0a%3c If you don't need any alternative names, you should comment this line out by putting a # at the beginning of the line, like so:%0a%3c %0a---%0a> would cause issues. So, if you have no alternative names, I recommend you comment that line out as follows:%0a> %0a67c65%0a%3c # alternative names { }%0a---%0a> # alternative names { secure.example.com }%0a69,77d66%0a%3c %0a%3c The @@domain key@@ and @@domain full chain certificate@@ tell acme-client where to put the private key and certificate:%0a%3c %0a%3c [@%0a%3c domain key "/etc/ssl/private/example.com.key"%0a%3c domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a%3c @]%0a%3c %0a%3c You will want to replace @@example.com@@ with your real domain. The public key should go inside @@/etc/ssl@@ and the private key should go inside @@/etc/ssl/private@@.%0a
+host:1614239297=198.251.81.119
+author:1614238842=jrmu
+diff:1614238842:1614238762:=51,54d50%0a%3c %0a%3c This configures acme-client for the domain example.com. You'll want to replace every appearance of @@example.com@@ with your own domain, which might look like @@username.fruit.ircnow.org@@.%0a%3c %0a%3c SSL certs%0a
+host:1614238842=198.251.81.119
+author:1614238762=jrmu
+diff:1614238762:1614238543:=30,33c30,33%0a%3c '''Note''': Let's Encrypt [[https://letsencrypt.org/docs/rate-limits/|rate-limits]] the number of SSL certs you can request. If you encounter an error and are unable to request an SSL cert, please fix all errors before requesting again. If you request too many certs in a short time, your domain will get blacklisted for a few hours or days.%0a%3c %0a%3c Although we are using Let's Encrypt for this tutorial, it is important to note that Let's Encrypt currently has a monopoly on free SSL certs. For this reason, IRCNow wants to run its own Certificate Authority in case Let's Encrypt should try to censor our domains.%0a%3c %0a---%0a> '''Note''': Let's Encrypt rate-limits the number of SSL certs you can request.%0a> %0a> Although we are using Let's Encrypt for this tutorial, it is important to note that Let's Encrypt currently has a monopoly on free SSL certs. For this reason, IRCNow is considering running its own Certificate Authority in case Let's Encrypt should try to censor our domains.%0a> %0a41c41%0a%3c letsencrypt-staging is a staging server which you can use to practice requesting fake certificates. The rate limits for the staging server are less strict, so you should practice first with this CA.%0a---%0a> letsencrypt-staging is a staging server which you can use to practice requesting fake certificates.%0a
+host:1614238762=198.251.81.119
+author:1614238543=jrmu
+diff:1614238543:1614238364:=30,33d29%0a%3c '''Note''': Let's Encrypt rate-limits the number of SSL certs you can request.%0a%3c %0a%3c Although we are using Let's Encrypt for this tutorial, it is important to note that Let's Encrypt currently has a monopoly on free SSL certs. For this reason, IRCNow is considering running its own Certificate Authority in case Let's Encrypt should try to censor our domains.%0a%3c %0a39,43c35%0a%3c @]%0a%3c %0a%3c letsencrypt-staging is a staging server which you can use to practice requesting fake certificates.%0a%3c %0a%3c [@%0a---%0a> %0a
+host:1614238543=198.251.81.119
+author:1614238364=jrmu
+diff:1614238364:1614237906:=19,20d18%0a%3c We'll open up /etc/acme-client.conf and analyze the meaning of each block:%0a%3c %0a26,30c24%0a%3c @]%0a%3c %0a%3c This defines the Certificate Authority [[https://letsencrypt.org/|letsencrypt]]. It provides the API URL and the location of the account key.%0a%3c %0a%3c [@%0a---%0a> %0a
+host:1614238364=198.251.81.119
+author:1614237906=jrmu
+diff:1614237906:1614237321:=1,4c1,4%0a%3c (:title Configuring Acme-client:)%0a%3c %0a%3c To enable TLS, you will want a certificate signed by a trusted certificate authority (CA). In this guide, we'll use OpenBSD's [[https://man.openbsd.org/acme-client|acme-client]] with Let's Encrypt.%0a%3c %0a---%0a> (:title Configuring Acme-client)%0a> %0a> To have TLS, you will want a certificate signed by a trusted certificate authority (CA). In this guide, we'll use OpenBSD's [[https://man.openbsd.org/acme-client|acme-client]] with Let's Encrypt.%0a> %0a13c13%0a%3c First, copy the [[https://man.openbsd.org/acme-client.conf|acme-client.conf]] template:%0a---%0a> First, copy the /etc/examples/acme-client.conf template:%0a
+host:1614237906=198.251.81.119
+author:1614237321=jrmu
+diff:1614237321:1614236903:=11c11%0a%3c !! Configuration%0a---%0a> %0a
+host:1614237321=198.251.81.119
+author:1614236903=jrmu
+diff:1614236903:1614236691:=7,8c7,8%0a%3c Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning [[dns/overview|DNS record]], such as @@username.fruit.ircnow.org@@.%0a%3c %0a---%0a> Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning hostname%0a> %0a11c11%0a%3c %0a---%0a> %0a
+host:1614236903=198.251.81.119
+author:1614236691=jrmu
+diff:1614236691:1614236390:=
+host:1614236691=198.251.81.119
+author:1614236390=jrmu
+diff:1614236390:1614076701:=1,11c1,4%0a%3c (:title Configuring Acme-client)%0a%3c %0a%3c To have TLS, you will want a certificate signed by a trusted certificate authority (CA). In this guide, we'll use OpenBSD's [[https://man.openbsd.org/acme-client|acme-client]] with Let's Encrypt.%0a%3c %0a%3c !! Setting up OpenHTTPd%0a%3c %0a%3c Before you begin, you will need to properly configure and start [[openhttpd/configure|openhttpd]]. You will also need a properly functioning hostname%0a%3c %0a%3c Note: You must have a server block listening on port 80. Do not delete this block or else acme-client will not work.%0a%3c %0a%3c %0a---%0a> In order to provide proper TLS for your services, you will need a certificate signed by a trusted certificate authority (CA). The easiest option for now is to use the Let's Encrypt client by acme-client.%0a> %0a> !! Howto%0a> You will need to set up a httpd server in order for the acme-client to work. It is recommended to use openhttpd, click [[Openbsd/Openhttpd|here]] to find out how to set up openhttpd.%0a
+host:1614236390=198.251.81.119
+author:1614076701=jrmu
+diff:1614076701:1614076701:=1,119d0%0a%3c In order to provide proper TLS for your services, you will need a certificate signed by a trusted certificate authority (CA). The easiest option for now is to use the Let's Encrypt client by acme-client.%0a%3c %0a%3c !! Howto%0a%3c You will need to set up a httpd server in order for the acme-client to work. It is recommended to use openhttpd, click [[Openbsd/Openhttpd|here]] to find out how to set up openhttpd.%0a%3c %0a%3c First, copy the /etc/examples/acme-client.conf template:%0a%3c %0a%3c [@%0a%3c $ doas cp /etc/examples/acme-client.conf /etc/acme-client.conf%0a%3c @]%0a%3c %0a%3c [@%0a%3c authority letsencrypt {%0a%3c api url "https://acme-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-privkey.pem"%0a%3c }%0a%3c %0a%3c authority letsencrypt-staging {%0a%3c api url "https://acme-staging.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a%3c }%0a%3c %0a%3c domain example.com {%0a%3c alternative names { secure.example.com }%0a%3c domain key "/etc/ssl/private/example.com.key"%0a%3c domain full chain certificate "/etc/ssl/example.com.fullchain.pem"%0a%3c sign with letsencrypt%0a%3c }%0a%3c @]%0a%3c %0a%3c Replace example.com with your domain. If you didn't use any alternative names, in the past, having:%0a%3c %0a%3c [@%0a%3c alternative names { }%0a%3c @]%0a%3c %0a%3c would cause issues. So, if you have no alternative names, I recommend you comment that line out as follows:%0a%3c %0a%3c [@%0a%3c # alternative names { secure.example.com }%0a%3c @]%0a%3c %0a%3c Now, run acme-client:%0a%3c %0a%3c [@%0a%3c $ doas acme-client -Fv example.com%0a%3c @]%0a%3c %0a%3c !! Troubleshooting%0a%3c If you run into errors, check to make sure:%0a%3c %0a%3c # [[nsd|DNS]] is configured properly. %0a%3c # The [[Openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)%0a%3c # You have the proper permissions set on the folders in /var/www/. An example output would be,%0a%3c %0a%3c [@%0a%3c $ ls -l /var | grep www%0a%3c drwxr-xr-x 11 root daemon 512 Mar 28 05:28 www%0a%3c $ ls -l /var/www%0a%3c total 36%0a%3c drwxr-xr-x 2 root daemon 512 Mar 28 22:16 acme%0a%3c drwxr-xr-x 2 root daemon 512 Mar 14 06:12 bin%0a%3c drwx-----T 2 www daemon 512 Oct 12 12:34 cache%0a%3c drwxr-xr-x 2 root daemon 512 Mar 14 06:12 cgi-bin%0a%3c drwxr-xr-x 2 root daemon 512 Mar 14 06:03 conf%0a%3c drwxr-xr-x 3 root daemon 512 Oct 12 12:34 htdocs%0a%3c drwxr-xr-x 2 root daemon 512 Mar 29 00:00 logs%0a%3c drwxr-xr-x 2 root daemon 512 Oct 12 12:34 run%0a%3c @]%0a%3c # Your firewall is not configured to block Let's Encrypt certification verification process. Typically it will initiate a few servers to connect to port 80 on your server.%0a%3c %0a%3c !! Successful outcomes%0a%3c A successful outcome would result in:%0a%3c # A ASCII text file, suffixed with .key with your hostname in /etc/ssl/private e.g.%0a%3c [@%0a%3c $ doas ls -l /etc/ssl/private%0a%3c -r-------- 1 root wheel 3272 Mar 28 22:16 example.com.key%0a%3c @]%0a%3c # A PEM certificate under /etc/ssl e.g.%0a%3c [@%0a%3c $ ls -l /etc/ssl/*.pem%0a%3c -r--r--r-- 1 root wheel 3937 Mar 28 22:16 example.com.fullchain.pem%0a%3c @]%0a%3c %0a%3c It would have the following output of running acme-client, generating a certificate for example.com%0a%3c %0a%3c [@%0a%3c acme-client: /etc/ssl/private/example.com.key: generated RSA domain key%0a%3c acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/directory: directories%0a%3c acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3674632835%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: challenge, token: mylkLrPXTvdyiTbDDybKy7M-0JyqiBr0nOg8UXnJ0uDL, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3674632835/-1tUXQ, status: 0%0a%3c acme-client: /var/www/acme/mylkLrPXTvdyiTbDDybKy7M-0JyqiBr0nOg8UXnJ0uDL: created%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3674632835/-1tUXQ: challenge%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: order.status 0%0a%3c acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3674632835%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: challenge, token: mylkLrPXTvdyiTbDDybKy7M-0JyqiBr0nOg8UXnJ0uDL, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3674632835/-1tUXQ, status: 2%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: order.status 1%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/81817869/2815341474: certificate%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: order.status 3%0a%3c acme-client: https://acme-v02.api.letsencrypt.org/acme/cert/vxsJMODZOeZxwiuyq9Bz6jqgoRRRUak8ZQ3ob: certificate%0a%3c acme-client: 172.65.32.248: tls_close: EOF without close notify%0a%3c acme-client: /etc/ssl/example.com.fullchain.pem: created%0a%3c @]%0a%3c %0a%3c !! Common errors%0a%3c %0a%3c # Do not request domains you don't own%0a%3c # If you change the domains, you need to move the cert and request again%0a\ No newline at end of file%0a
+host:1614076701=198.251.81.119
blob - 1b22c43c87975003ed08453efb1791629b76aa7d
blob + 8bc1cf32e19f4496b78ac2db39f6d389df03126c
--- wiki.d/Adminforces.RecentChanges
+++ wiki.d/Adminforces.RecentChanges
ctime=1716923189
host=198.251.82.194
name=Adminforces.RecentChanges
-rev=90
-text=* [[Adminforces/Training]] . . . @2024-11-13T03:39:10Z by [[~jrmu]]: [==]%0a
-time=1731469150
+rev=91
+text=* [[Adminforces/Training]] . . . @2024-11-14T02:26:05Z by [[~jrmu]]: [==]%0a
+time=1731551165
blob - c2c7718eb127dd978b58cf9cb171f95a0ef18626
blob + 9c15b4bfb2d4725882c8b75bb52755ea96837b0a
--- wiki.d/Adminforces.Training
+++ wiki.d/Adminforces.Training
ctime=1716923189
host=198.251.82.194
name=Adminforces.Training
-rev=90
-targets=Openbsd.Intro,Doas.Configure,Syspatch.Syspatch,FwUpdate.Usage,Openbsd.Pkg,Ircnow.Howtoask,Lists.Ircnow,Freedom.Fork,Chroot.Intro,Openhttpd.Configure,Telnet.Http,Netcat.Http,Tls.Intro,Tls.San,Acme-client.Configure,Openhttpd.Tls,Openhttpd.Website,Openssl.Http,Openssl.Cert,Openhttpd.Hosting,Openbsd.Httpopenproxy,Openbsd.Chroot,Openhttpd.Perl,Slowcgi.Usage,Freedom.Selfadmin,Netcat.Irc,Netcat.Usage,Openbsd.Rcctl,Openbsd.Ed,Tar.Usage,Ksh.Editor,Ksh.History,Crontab.Edit,Openbsd.Adduser,Group.Usage,Openbsd.Localtime,Dd.Iso,Ln.Intro,Openbsd.Fstab,Dmesg.Usage,Openbsd.Hier,Top.Usage,Ps.Usage,Renice.Usage,Fstat.Usage,Fuser.Usage,Kill.Usage,Openbsd.Panic,Openbsd.Loginconf,Openbsd.Sysctl,Swapctl.Usage,Openbsd.Outofmemory,Atactl.Usage,Acct.Accton,Openbsd.Vipw,Freedom.Firstamendment,Ircnow.Dogfood,Freedom.Software,Relayd.Acceleration,Relayd.TLSMulti,Freedom.Religion,Tcpip.Overview,IPv4.Overview,IPv6.Overview,Tcpip.Sockets,Ip.Netmask,Tcpip.Ports,IP.Myaddress,Tcpbench.Usage,Openbsd.Ping,Traceroute.Usage,Openbsd.Dig,Adminforces.Ifconfig,Ifconfig.Change,Hostnameif.Static,Hostnameif.Autoconf,Ifstated.Configure,Arp.Usage,Ndp.Usage,Resolv.Conf-,Resolvd.Usage,Route.Usage,Route.Hostnameif,Netstat.Usage,Route.Sourceaddr,Ifconfig.Hostap,Hostapd.Configure,Freedom.Openforeveryone,Pf.Configure,Pf.Guide,Pf.Nat,Pf.Whitelisting,Pf.Debugging,Pf.Rdr-to,Pf.TrafficShaping,Pf.Pflog,Pf.Authpf,Pf.Testing,Pf.Nat64,Pf.Ftp-proxy,Pf.Dmz,Openbsd.Ddos,Openbsd.Tcpdump,Openbsd.SSDP,Openbsd.ACKFlood,Openbsd.RSTFlood,Openbsd.UDPFlood,Openbsd.Amplification,Openbsd.PFStable,Openbsd.PFTesting,Openbsd.Pf,Pfctl.Usage,Ifconfig.Wifi,Ifconfig.Wifitoethernet,Ifconfig.Bridge,Ifconfig.Vlan,Ifconfig.Veb,Ifconfig.Vether,Ifconfig.Carp,Ifconfig.Gre,Ifconfig.Mgre,Ifconfig.Egre,Ifconfig.Eoip,Ifconfig.Etherip,Ifconfig.Vxlan,Ifconfig.Mpe,Ifconfig.Mpip,Ifconfig.Mpw,Ifconfig.Bpe,Ifconfig.Pppoe,Ifconfig.Sppp,Ifconfig.Tpmr,Ifconfig.Trunk,Ifconfig.Aggr,Ifconfig.Urndis,Ifconfig.Pflow,Ifconfig.Pfsync,Gre.6in4vmm,Gre.6in4,Gre.4in6,Ifconfig.Wg,Ifconfig.Tap,Ifconfig.Tun,Dns.Overview,Unwind.Configure,Unbound.Configure,Unbound.Dnssec-,Dig.Usage,Host.Usage,Hostname.Usage,Hosts.Configure,Netizen.Become,Netizen.Rights,Dns.Records,Dns.Registrars,Dns.FQDN,Nsd.Configure,Dns.Zonefile,Nsd.Zone,Nsd.Masterslave,Nsd.Troubleshoot,DNS.RDNS,DNS.Ipv4rDNS,DNS.Ipv6rDNS,Freedom.Unix,Dns.Vhost,Identd.Configure,Freedom.Federation,Opensmtpd.Maildir,DNS.Mail,DNS.SPF,DNS.DKIM,DNS.DMARC,Netcat.SMTP,Opensmtpd.Test,Opensmtpd.Inbox,Opensmtpd.Openrelay,Smtp.Usage,Spamd.Configure,Opensmtpd.Aliases,Snmpd.Configure,Snmp.Configure,Sensorsd.Configure,Ldapd.Configure,Servers.Rights,Minutemin.Code,Minutemin.Duty,Cvsweb.Restore,Got.Usage,Got.Repo,Got.Server,Got.Mirror,Gotweb.Install,Minutemin.Server,Openbsd.Dump,Openrsync.Usage,Openbsd.Fdisk,Openbsd.Disklabel,Disklabel.Partitioning,Newfs.Usage,Mount.Usage,Openbsd.Newdisk,Mfs.Usage,Ffs.Intro,Fsck.Usage,Openbsd.Quota,Openbsd.Growfs,Softraid.Install,Softraid.Rebuild,Exports.Configure,Nfsd.Configure,MountNfs.Usage,Mountd.Configure,Ftpd.Configure,Tftpd.Configure,Sed.Usage,Awk.Usage,Roff.Usage,Ksh.Intro,Perl101.Perl101,Vmm.Intro,Vmctl.Usage,Cu.Usage,Vmctl.Newdisk,Vmctl.Reinstall,Vmm.Install,Openbsd.Install,Openbsd.Upgrade,Openbsd.Sysupgrade,Vmm.Sysupgrade,Sysmerge.Usage,Openbsd.Bsdrd,Openbsd.Singleuser,OpenBSD.ResetPassword,Openbsd.Autoinstall,Vmm.Configure,Hosting.Providers,Dhcpd.Configure,Rad.Configure,Slaacd.Configure,Openbsd.Diskless,Rc.Conf,Syslogd.Configure,Syslogd.Remote,Newsyslog.Configure,Sendbug.Usage,Openbsd.Mail,Freedom.Independence,Ircnow.Constitution,Freedom.Union,Freedom.Privacy,Freedom.Homestead,Freedom.Madeonirc,Freedom.Startupdream,Freedom.Dueprocess,Freedom.Checks,Freedom.Rulebylaw,Openbsd.Ports,Pkgadd.CheckUpdates-,Ntpd.Configure,Abuse.Intro,Team.Security,Password.Management,Openssl.Encryptfile,Signify.Verify,Shell.Limits,Openbsd.FilePermissions,Pledge.Intro,Unveil.Intro,Openbsd.Setuid,Security.Usage,Vlan.Configure,Pair.Configure,Veb.Configure,Bridge.Configure,Nat.Configure,Route.Static,Ripd.Configure,Route6d.Configure,Ospfd.Configure,Bgpd.Configure,Dvmrpd.Configure,Mrouted.Configure,Npppd.Configure,Dhcpleased.Configure,Iked.Sitetosite,Iked.Sitetositevmm,Iked.Roadwarrior,Iked.Roadwarriorvmm,Vpn.Vpn,Vpn.Myipaddress,Iked.Binat,Sshd.Configure,Ssh.Fingerprints,Ssh.Agent,OpenSSH.Connect,OpenSSH.Keygen,Openbsd.Sshkeys,Openbsd.Sshbackdoor,Sftp.Chroot,Sshd.Chroot,Openrsync.Chroot,Openbsd.Books,Unix.Reading,Team.Welcome,Team.Testing,Team.Announce
-text=(:title Admin Forces Training:)%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! OpenBSD Jumpstart ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/intro|OpenBSD Intro]] || BSD || Introduction to OpenBSD || ||%0a|| [[doas/configure|Configure doas]] || BSD || Execute commands as root || ||%0a|| [[syspatch/syspatch|Patch your system]] || BSD || Patch your system || ||%0a|| [[fw_update/usage|Update firmware]] || BSD || Update firmware || ||%0a|| [[openbsd/pkg|Installing Packages]] || BSD || Install new software || ||%0a|| [[Ircnow/Howtoask|Good Questions]] || Civics || How to Ask Good Questions || ||%0a|| [[Lists/Ircnow|IRCNow Mailing Lists]] || Civics || Sign up to IRCNow Mailing lists || Extend VPS for 1 week ||%0a%0a||! Web Server ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/fork|Freedom to Fork]] || Civics || Freedom to Fork || ||%0a|| [[chroot/intro|Intro to Chroot]] || BSD || Learn about Chroots || ||%0a|| [[Openhttpd/Configure|Simple OpenHTTPd]] || Web || Host your own web server || ||%0a|| [[telnet/http|Telnet HTTP]] || Network || Troubleshoot webserver with telnet || ||%0a|| [[netcat/http|netcat HTTP]] || Network || Troubleshoot webserver with netcat || ||%0a|| [[tls/intro|TLS overview]] || Network || TLS introduction || ||%0a|| [[tls/san|Subject Alternative Names]] || Network || TLS and Subject Alternative Names || ||%0a|| [[acme-client/configure|acme-client]] || Security || Request an SSL cert || ||%0a|| [[Openhttpd/Tls|OpenHTTPd TLS]] || Web || Provide TLS for webpages || ||%0a|| [[Openhttpd/Website|OpenHTTPd Website]] || Web || Set up your website || Extend VPS 1 week ||%0a|| [[openssl/http|OpenSSL HTTP]] || Network || Test TLS for webpages with OpenSSL || ||%0a|| [[openssl/cert|Save OpenSSL cert]] || Network || Save OpenSSL cert || ||%0a|| [[Openhttpd/Hosting|Multi-user OpenHTTPd]] || Web || Configure webserver for multiple domains || ||%0a|| [[Openbsd/Httpopenproxy|Open Proxies]] || Web || Avoid blacklists by closing open proxies || ||%0a|| [[Openbsd/Chroot|OpenHTTPd Chroot]] || Web || OpenHTTPd chroot environment || ||%0a|| [[Openhttpd/Perl|OpenHTTPd Perl]] || Web || Install Perl inside OpenHTTPd chroot || Extend VPS 1 week ||%0a|| [[slowcgi/usage|slowcgi]] || Web || Configure slowcgi || ||%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/selfadmin|Self-Admin]] || Civics || Admin your network || ||%0a|| [[netcat/irc|netcat IRC]] || Network || Troubleshoot IRC with netcat || ||%0a|| [[netcat/usage|netcat]] || Network || Troubleshoot applications with netcat || ||%0a|| [[openbsd/rcctl|rcctl]] || BSD || Start services automatically || Extend VPS 1 week ||%0a%0a||! System Administration ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/ed|ed]] || BSD || ed text editor || ||%0a|| [[tar/usage|tar]] || BSD || Tape archives || ||%0a|| [[ksh/editor|Change editor]] || BSD || Change default editor || ||%0a|| [[ksh/history|ksh history]] || BSD || Add history for shell commands || ||%0a|| [[crontab/edit|Editing crontab]] || BSD || Editing crontab || ||%0a|| [[openbsd/adduser|adduser]] || BSD || Addusers || ||%0a|| [[group/usage|group]] || BSD || Manage groups || ||%0a|| [[openbsd/localtime|localtime]] || BSD || Set time zone || ||%0a|| [[dd/iso|Write image to usb]] || BSD || Write image to USB || ||%0a|| [[ln/intro|symbolic links]] || BSD || Create symbolic links || ||%0a|| [[openbsd/fstab|fstab]] || BSD || Edit filesystem table || ||%0a|| [[dmesg/usage|dmesg]] || BSD || Display system message buffer || ||%0a|| [[openbsd/hier|hier]] || BSD || OpenBSD filesystem hierarchy || ||%0a|| [[top/usage|top]] || BSD || Info about CPU processes || ||%0a|| [[ps/usage|ps]] || BSD || Monitor Processes || ||%0a|| [[renice/usage|renice]] || BSD || Renice processes || ||%0a|| [[fstat/usage|fstat]] || Network || Show file status || ||%0a|| [[fuser/usage|fuser]] || Network || Show process using a file || ||%0a|| [[kill/usage|kill]] || BSD || Send signals to processes || ||%0a|| [[openbsd/panic|kernel panics]] || BSD || Dealing with kernel panics || ||%0a|| [[openbsd/loginconf|Login classes]] || BSD || Configure login classes || ||%0a|| [[openbsd/sysctl|sysctl]] || BSD || Getting and setting kernel state || ||%0a|| [[swapctl/usage|swapctl]] || BSD || Manage system swap space || ||%0a|| [[openbsd/outofmemory|OOM error]] || BSD || Out of memory error || ||%0a|| [[atactl/usage|atactl]] || BSD || Get disk information || ||%0a|| [[rc/rc.d|rc.d]] || BSD || rc.d || ||%0a|| [[rc/rc.conf|rc.conf]] || BSD || rc.conf || ||%0a|| [[acct/accton|accton]] || BSD || accton || ||%0a|| [[openbsd/vipw|vipw]] || BSD || Edit the password file || Extend VPS 1 week ||%0a%0a%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/firstamendment|Free Press]] || Civics || Freedom of Speech and of the Press || ||%0a|| [[Ircnow/Dogfood|Dogfooding]] || Civics || Eat your own dogfood || ||%0a%0a||! IRC Bouncer ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/software|Software Freedom]] || Civics || Software Freedom || ||%0a|| [[relayd/acceleration|TLS Acceleration]] || Security || Provide TLS for multiple services || ||%0a|| [[relayd/TLSMulti|TLS Acceleration (multiple)]] || Security || Encrypt traffic with TLS for multiple services || ||%0a%0a||! TCP/IP Networking ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/religion|Religious Liberty]] || Civics || Freedom of Religion || ||%0a|| [[tcpip/overview|TCP/IP Networking]] || Network || Learn Basics of TCP/IP || ||%0a|| [[IPv4/overview|IPv4 Networking]] || Network || Learn IPv4 Networking || ||%0a|| [[IPv6/overview|IPv6 Networking]] || Network || Learn IPv6 Networking || ||%0a|| [[tcpip/sockets|TCP/IP sockets]] || Network || Learn Basics of TCP/IP sockets || ||%0a|| [[ip/netmask|IP netmasks]] || Network || Learn Basics of IP netmasks || ||%0a|| [[tcpip/ports|TCP/UDP ports]] || Network || Learn Basics of TCP/UDP ports || ||%0a|| [[IP/Myaddress|My IP Address]] || Network || What's my IP Address? || ||%0a|| [[tcpbench/usage|tcpbench]] || Network || Benchmark TCP/IP throughput || ||%0a|| [[openbsd/ping|ping]] || Network || Troubleshoot networking with ping || ||%0a|| [[traceroute/usage|traceroute]] || Network || Trace packet route || ||%0a|| [[openbsd/dig|dig]] || Network || Troubleshoot DNS servers and records || Extend VPS 1 week ||%0a|| [[ifconfig|ifconfig]] || Network || ifconfig guide || ||%0a|| [[ifconfig/change|Changing addresses]] || Network || Changing network addresses || ||%0a|| [[Hostnameif/Static|Static Networking]] || Network || ||%0a|| [[Hostnameif/autoconf|Autoconf Networking]] || Network || ||%0a|| [[ifstated/configure|Configure ifstated]] || Network || Configure ifstated || ||%0a|| [[arp/usage|arp]] || Network || Address resolution protocol || ||%0a|| [[ndp/usage|ndp]] || Network || Neighbor discovery protocol || ||%0a|| [[resolv/conf-|resolv.conf]] || Network || Configuring resolv.conf || ||%0a|| [[resolvd/usage|resolvd]] || Network || Using resolvd || ||%0a|| [[route/usage|Route]] || Network || Configure route paths || ||%0a|| [[route/hostnameif|hostname.if route]] || Network || Add routes to hostname.if at bootup || ||%0a|| [[netstat/usage|netstat]] || Network || Show network status || ||%0a|| [[route/sourceaddr|Route source address]] || Network || Configure routing source address || Extend VPS 1 week ||%0a%0a||! Wireless ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[ifconfig/hostap|hostap]] || Network || Set up Host Access Point || ||%0a|| [[hostapd/configure|hostapd]] || Network || Synchronize Host Access Points || ||%0a%0a||! Packet Filter ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/openforeveryone|Open For Everyone]] || Civics || || ||%0a|| [[pf/configure|pf.conf]] || Network || Configure Packet Filter || ||%0a|| [[pf/guide|Packet Filter]] || Network || Setup firewall with Packet Filter || ||%0a|| [[pf/nat|NAT with packet filter]] || Network || NAT with Packet Filter || ||%0a|| [[pf/whitelisting|Whitelisting]] || Network || Whitelisting || ||%0a|| [[pf/debugging|Debugging PF rulesets]] || Network || Debugging PF rulesets || ||%0a|| [[pf/rdr-to|rdr-to]] || Network || rdr-to || ||%0a|| [[pf/traffic shaping|Traffic shaping]] || Network || Traffic shaping || ||%0a|| [[pf/pflog|pflog]] || Network || pflog || ||%0a|| [[pf/authpf|authpf]] || Network || authpf || ||%0a|| [[pf/testing|testing rulesets]] || Network || Testing PF rulesets || ||%0a|| [[pf/nat64|NAT64 with packet filter]] || Network || NAT6 with packetfilter || ||%0a|| [[pf/ftp-proxy|ftp-proxy]] || Network || ftp-proxy || ||%0a|| [[pf/dmz|DMZ]] || Network || DMZ || ||%0a|| [[openbsd/ddos|DDoS Defense]] || Network || Defend against DDoS Attacks || ||%0a|| [[openbsd/tcpdump|tcpdump]] || Network || Read network packets || ||%0a|| [[openbsd/SSDP|SSDP attack]] || Network || || ||%0a|| [[openbsd/ACKFlood|TCP ack flood]] || Network || || ||%0a|| [[openbsd/RSTFlood|TCP reset flood]] || Network || || ||%0a|| [[openbsd/UDPFlood|UDP Flood]] || Network || || ||%0a|| [[openbsd/amplification|amplification attack]] || Network || || ||%0a|| [[openbsd/PFStable|PF Stable]] || Network || Sample PF Firewall for Stable || ||%0a|| [[openbsd/PFTesting|PF Testing]] || Network || Sample PF Firewall for Testing || ||%0a|| [[openbsd/pf|Packet Filter]] || Network || PF Guide || Extend VPS 1 week ||%0a|| [[pfctl/usage|pfctl]] || Network || PF Guide || Control packet filter ||%0a%0a||! Networking ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[ifconfig/wifi|WiFi]] || Network || Configure WiFi || ||%0a|| [[ifconfig/wifitoethernet|WiFi to Ethernet]] || Network || WiFi to Ethernet || ||%0a|| [[ifconfig/bridge|bridge]] || Network || Bridge interface || ||%0a|| [[ifconfig/vlan|vlan]] || Network || vlan interface || ||%0a|| [[ifconfig/veb|veb]] || Network || veb interface || ||%0a|| [[ifconfig/vether|vether]] || Network || Virtual Ethernet interface || ||%0a|| [[ifconfig/carp|carp]] || Network || CARP interface || ||%0a|| [[ifconfig/gre|gre]] || Network || GRE interface || ||%0a|| [[ifconfig/mgre|mgre]] || Network || MGRE interface || ||%0a|| [[ifconfig/egre|egre]] || Network || EGRE interface || ||%0a|| [[ifconfig/eoip|eoip]] || Network || eoip interface || ||%0a|| [[ifconfig/etherip|etherip]] || Network || etherip interface || ||%0a|| [[ifconfig/vxlan|vxlan]] || Network || vxlan interface || ||%0a|| [[ifconfig/mpe|mpe]] || Network || mpe interface || ||%0a|| [[ifconfig/mpip|mpip]] || Network || mpip interface || ||%0a|| [[ifconfig/mpw|mpw]] || Network || mpw interface || ||%0a|| [[ifconfig/bpe|bpe]] || Network || bpe interface || ||%0a|| [[ifconfig/pppoe|pppoe]] || Network || pppoe interface || ||%0a|| [[ifconfig/sppp|sppp]] || Network || sppp interface || ||%0a|| [[ifconfig/tpmr|tpmr]] || Network || tpmr interface || ||%0a|| [[ifconfig/trunk|trunk]] || Network || trunk interface || ||%0a|| [[ifconfig/aggr|aggr]] || Network || aggr interface || ||%0a|| [[ifconfig/urndis|urndis]] || Network || urndis interface || ||%0a|| [[ifconfig/pflow|pflow]] || Network || pflow interface || ||%0a|| [[ifconfig/pfsync|pfsync]] || Network || pfsync interface || ||%0a|| [[gre/6in4vmm|6-in-4 gre (vmm)]] || Network || Tunnel IPv6 inside IPv4 with GRE (vmm) || ||%0a|| [[gre/6in4|6-in-4 gre]] || Network || Tunnel IPv6 inside IPv4 with GRE || ||%0a|| [[gre/4in6|4-in-6 gre]] || Network || Tunnel IPv4 inside IPv6 with GRE || ||%0a|| [[ifconfig/wg|wg]] || Network || WireGuard interface || ||%0a|| [[ifconfig/tap|tap]] || Network || Ethernet tunnel pseudo-device interface || ||%0a|| [[ifconfig/tun|tun]] || Network || Network tunnel pseudo-device interface || ||%0a%0a||! Domain Name Lookup ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[dns/overview|DNS Overview]] || DNS || Learn the Domain Name System || ||%0a|| [[unwind/configure|unwind]] || Network || Validating DNS resolver || ||%0a|| [[unbound/configure|unbound]] || DNS || Configure a local caching nameserver || ||%0a|| [[unbound/dnssec-|DNSSec for Unbound]] || DNS || Add DNSSec for unbound || ||%0a|| [[dig/usage|dig]] || DNS || Troubleshoot DNS records with dig || ||%0a|| [[host/usage|host]] || DNS || Troubleshoot DNS records with host || ||%0a|| [[hostname/usage|hostname]] || DNS || Set hostname || ||%0a|| [[hosts/configure|Configure /etc/hosts]] || BSD || Host and network name database || Apply for IRC operator ||%0a%0a||! Name Server ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[netizen/become|Become a Netizen]] || Civics || || ||%0a|| [[netizen/rights|Netizen Rights]] || Civics || || ||%0a|| [[dns/records|DNS Records]] || DNS || Understand DNS record types || ||%0a|| [[dns/registrars|Name Registrars]] || DNS || Choose a name registrar || ||%0a|| [[dns/FQDN|FQDN]] || DNS || Understand FQDN and $ORIGIN || ||%0a|| [[nsd/configure|Configure NSD]] || DNS || Configure name server for custom domains || ||%0a|| [[dns/zonefile|Zone File]] || DNS || || ||%0a|| [[nsd/zone|NSD Zone]] || DNS || || Extend VPS 1 week ||%0a|| [[nsd/masterslave|nsd master slave]] || DNS || || ||%0a|| [[nsd/troubleshoot|Troubleshooting NSD]] || DNS || || ||%0a|| [[DNS/rDNS|rDNS]] || DNS || Configure reverse DNS for vhosts and email || ||%0a|| [[DNS/Ipv4rDNS|IPv4 rDNS]] || DNS || Configure IPv4 reverse DNS || ||%0a|| [[DNS/Ipv6rDNS|IPv6 rDNS]] || DNS || Configure IPv6 reverse DNS || Extend VPS 1 week ||%0a%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/unix|Unix Work Ethic]] || Civics || || ||%0a|| [[dns/vhost|vhost]] || DNS || Create custom vhost || ||%0a|| [[identd/configure|identd]] || Security || Provide ident to stop abuse || ||%0a%0a||! Mail Server ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/federation|Federation]] || Civics || || ||%0a|| [[opensmtpd/maildir|OpenSMTPd (with Maildir)]] || Mail || Configure your mail server (using Maildir) || ||%0a|| [[DNS/Mail|DNS for Mail]] || Mail || Create DNS records for email || ||%0a|| [[DNS/SPF]] || Mail || Configure SPF records to avoid the spam folder || ||%0a|| [[DNS/DKIM]] || Mail || Configure DKIM records to avoid the SPAM folder || ||%0a|| [[DNS/DMARC]] || Mail || Configure DMARC records to block phishing and spam || ||%0a|| [[netcat/SMTP|netcat SMTP]] || Network || Troubleshoot SMTP with netcat || ||%0a|| [[Opensmtpd/Test|SMTP Testing]] || Mail || Send a test letter || ||%0a|| [[Opensmtpd/Inbox|Getting inboxed]] || Mail || Getting inboxed || ||%0a|| [[Opensmtpd/Openrelay|Open Mail Relay]] || Mail || Block open mail relay to avoid sending spam || ||%0a|| [[smtp/usage|smtp]] || Mail || SMTP client || ||%0a|| [[spamd/configure|spamd]] || Mail || Configure spam filter || ||%0a|| [[opensmtpd/aliases|aliases]] || Mail || Configure aliases for mail || ||%0a%0a||! Simple Network Management Protocol ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[snmpd/configure|snmpd]] || SNMP || Configure SNMPd || ||%0a|| [[snmp/configure|snmp]] || SNMP || Configure SNMP || ||%0a%0a|| [[sensorsd/configure|sensorsd]] || BSD || sensorsd || ||%0a%0a||! LDAP ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[ldapd/configure|ldapd]] || LDAP || Configure ldapd || ||%0a%0a%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Servers/Rights|Servers' Rights]] || Civics || Servers' Rights || ||%0a|| [[Minutemin/Code|Minutemin's Code]] || Civics || Recite the Code of Honor || ||%0a%0a||! Version Control ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Minutemin/Duty|Call of Duty]] || Civics || The Call of Duty || ||%0a|| [[cvsweb/restore|Restore from CVSweb]] || Code || Learn how to restore files with CVSweb || ||%0a|| [[got/usage|got]] || Code || Set up got version control (clone of git) || ||%0a|| [[got/repo|got repo]] || Code || Set up got repo || ||%0a|| [[got/server|got server]] || Code || Set up got server || ||%0a|| [[got/mirror|got mirror]] || Code || Set up got mirror || ||%0a|| [[gotweb/install|gotweb]] || Code || Set up got web access || Extend VPS 1 week ||%0a%0a||! Disk Setup and Backups ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Minutemin/Server|Minutemin's Server]] || Civics || The Minutemin's Server || ||%0a|| [[openbsd/dump|dump]] || BSD || Backup a partition || ||%0a|| [[openrsync/usage|openrsync]] || BSD || Backup and sync files || ||%0a|| [[openbsd/fdisk|fdisk]] || BSD || Partition Hard Disk || ||%0a|| [[openbsd/disklabel|disklabel]] || BSD || Edit Partitions || ||%0a|| [[disklabel/partitioning|disklabel partitioning]] || BSD || Partition New Hard Disk || ||%0a|| [[newfs/usage|newfs]] || BSD || Construct a new filesystem || ||%0a|| [[mount/usage|mount]] || BSD || Mount partitions || ||%0a|| [[openbsd/newdisk|newdisk]] || BSD || Add a New Hard Disk || ||%0a|| [[mfs/usage|mfs]] || BSD || Construct a memory-based filesystem || ||%0a|| [[ffs/intro|FFS]] || BSD || Learn about the Fast Filesystem || ||%0a|| [[fsck/usage|fsck]] || BSD || Filesystem check consistency check || ||%0a|| [[openbsd/quota]] || BSD || Edit disk quotas || ||%0a|| [[openbsd/growfs|growfs]] || BSD || Grow a Disk Partition || Get shell account on server ||%0a%0a||! RAID ||||||||%0a|| [[softraid/install|softraid]] || BSD || Configuring software RAID || ||%0a|| [[softraid/rebuild|Rebuild softraid]] || BSD || Rebuilding software RAID || ||%0a%0a||! File servers ||||||||%0a|| [[exports/configure|nfsd]] || BSD || Configure NFS || ||%0a|| [[nfsd/configure|nfsd]] || BSD || Serve files over NFS || ||%0a|| [[mount_nfs/usage|mount_nfs]] || BSD || Mount NFS filesystems || ||%0a|| [[mountd/configure|nfsd]] || BSD || Automatically mount NFS filesystems || ||%0a|| [[ftpd/configure|ftpd]] || BSD || Serve files over FTP || ||%0a|| [[tftpd/configure|tftpd]] || BSD || Serve files over TFTP || ||%0a%0a||! Text Processing ||||||||%0a|| [[sed/usage|sed]] || BSD || sed scripting || ||%0a|| [[awk/usage|awk]] || BSD || awk scripting || ||%0a|| [[roff/usage|roff]] || BSD || roff || ||%0a%0a||! Shell Scripting ||||||||%0a|| [[ksh/intro|ksh intro]] || BSD || shell scripting || ||%0a|| [[perl101/perl101|perl intro]] || BSD || perl scripting || ||%0a%0a||! Virtual Machine ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[vmm/intro|VMM Intro]] || BSD || Intro to the VMM Hypervisor || ||%0a|| [[vmctl/usage|Vmctl User Guide]] || BSD || Control your VPS || ||%0a|| [[cu/usage|cu]] || BSD || Serial terminal emulator || ||%0a|| [[vmctl/newdisk|Add disk to VM]] || BSD || Add new storage disk to VPS || ||%0a|| [[vmctl/reinstall|Reinstall VM]] || BSD || Reinstall OpenBSD inside VMM || ||%0a|| [[vmm/install|Install OpenBSD inside VMM]] || BSD || Install OpenBSD inside VMM || ||%0a|| [[openbsd/install|Install OpenBSD]] || BSD || Install OpenBSD || ||%0a|| [[openbsd/upgrade|Upgrade OpenBSD]] || BSD || Upgrade OpenBSD || ||%0a|| [[openbsd/sysupgrade|OpenBSD Sysupgrade]] || BSD || Sysupgrade OpenBSD || ||%0a|| [[vmm/sysupgrade|Vmm Sysupgrade]] || BSD || Sysupgrade OpenBSD VMM Host || ||%0a|| [[sysmerge/usage|sysmerge]] || BSD || Merge conf files after upgrade || ||%0a|| [[openbsd/bsdrd|bsd.rd]] || BSD || Install/Upgrade/Repair with Ramdisk || ||%0a|| [[openbsd/singleuser|Single User Mode]] || BSD || Boot OpenBSD into single user mode || ||%0a|| [[OpenBSD.ResetPassword|Reset root password]] || BSD || Reset root password || ||%0a|| [[openbsd/autoinstall|autoinstall]] || BSD || Unattended autoinstall || ||%0a%0a||! VMM Hosting ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[vmm/configure|Configure VMM]] || Network || Offer Hosting with VMM || ||%0a|| [[hosting/providers|Hosting Providers]] || Network || Choose a Hosting Provider || ||%0a|| [[dhcpd/configure|Configure DHCP server]] || Network || Configure DHCP server || ||%0a|| [[rad/configure|Configure rad server]] || Network || Set up Router Advertisements for IPv6 || ||%0a|| [[slaacd/configure|Configure slaacd daemon]] || Network || Configure slaacd daemon || ||%0a|| [[openbsd/diskless|diskless]] || BSD || Run OpenBSD on diskless systems || Acquire admin access ||%0a%0a||! System Bootup ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[rc/conf|rc.conf]] || BSD || System daemon configuration || ||%0a%0a||! System Logging ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[syslogd/configure|syslogd]] || BSD || Configure system logging || ||%0a|| [[syslogd/remote|Remote syslogd]] || BSD || Configure remote system logging || ||%0a|| [[newsyslog/configure|newsyslog]] || BSD || Log rotation || ||%0a%0a||! System Logging ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[sendbug/usage|send]] || BSD || sendbug || ||%0a|| [[openbsd/mail|OpenBSD mailing list]] || BSD || OpenBSD mailing list || ||%0a%0a||! Civics ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Freedom/Independence|Independence]] || Civics || Declaration of Network Independence || ||%0a|| [[ircnow/constitution|Constitution]] || Civics || Read the Constitution and Bill of Rights || ||%0a|| [[freedom/union|United We Serve]] || Civics || || ||%0a|| [[freedom/privacy|Privacy]] || Civics || Right to Privacy || ||%0a|| [[freedom/homestead|Homestead VPS]] || Civics || || ||%0a|| [[freedom/madeonirc|Made on IRC]] || Civics || || ||%0a|| [[freedom/startupdream|The Startup Dream]] || Civics || || ||%0a|| [[freedom/dueprocess|Due Process]] || Civics || || ||%0a|| [[freedom/checks|Checks and Balances]] || Civics || || ||%0a|| [[freedom/rulebylaw|Rule by Law]] || Civics || || Extend VPS 1 week ||%0a%0a||! Miscellaneous ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/ports|ports]] || BSD || Install software from ports tree || ||%0a|| [[Pkgadd.CheckUpdates-|pkg_add updates]] || BSD || Keep software updated || ||%0a|| [[ntpd/configure|ntpd]] || Network || Update date and time from network automatically || Extend VPS 1 week ||%0a%0a||! Stopping Abuse ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[abuse/intro|Abuse Guide]] || Security || Investigation techniques to report criminals || ||%0a|| [[team/security|Team Security]] || Security || Prevent security leaks || Extend VPS 1 week ||%0a%0a||! Security ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Password/Management|Manage Passwords]] || Shell || Create secure passwords || ||%0a|| [[Openssl/Encryptfile|Encrypt Files]] || Shell || Encrypt files with OpenSSL || ||%0a|| [[signify/verify|signify]] || Security || Verify OpenBSD software || ||%0a|| [[shell/limits]] || Security || Setting resource limits || ||%0a|| [[openbsd/FilePermissions|File Permissions]] || Security || Fix insecure file permissions || Extend VPS 1 week ||%0a|| [[pledge/intro|pledge]] || Security || Restrict system operations || ||%0a|| [[unveil/intro|unveil]] || Security || Unveil parts of restricted filesystems || ||%0a|| [[openbsd/setuid]] || Security || Audit setuid root binaries || ||%0a|| [[security/usage|security]] || Security || Security checks || ||%0a|| [[team/security]] || Security || Team security || ||%0a%0a||! Routing ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[vlan/configure|Configure vlan]] || Network || Configure vlan || ||%0a|| [[pair/configure|pair]] || Network || Configure pair interface || ||%0a|| [[veb/configure|Configure veb]] || Network || Configure veb || ||%0a|| [[bridge/configure|Configure bridge]] || Network || Configure bridge || ||%0a|| [[nat/configure|Configure nat]] || Network || Configure NAT || ||%0a|| [[route/static|Static routing]] || Network || Configure static routing || ||%0a|| [[ripd/configure|RIPd]] || Network || Configure RIPd || ||%0a|| [[route6d/configure|route6d]] || Network || Configure route6d || ||%0a|| [[ospfd/configure|OSPFd]] || Network || Configure OSPFd || ||%0a|| [[bgpd/configure|BGPd]] || Network || Configure BGPd || ||%0a|| [[dhcpd/configure|Configure DHCP server]] || Network || || ||%0a|| [[dvmrpd/configure|DVMRPd]] || Network || Configure DVMRPd || ||%0a|| [[mrouted/configure|mrouted]] || Network || Configure Multicast Routing || ||%0a|| [[npppd/configure|Configure npppd server]] || Network || Configure npppd server || ||%0a|| [[dhcpleased/configure|Configure DHCP client]] || Network || || ||%0a%0a||! VPNs and Proxies ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[iked/sitetosite|Site-to-site IPsec]] || Security || Provide site-to-site IPsec VPN || ||%0a|| [[iked/sitetositevmm|Site-to-site IPsec (vmm)]] || Security || Emulate site-to-site IPsec VPN with VMM || ||%0a|| [[iked/roadwarrior|Road warrior IPsec]] || Network || Provide Roadwarrior IPsec VPNs || ||%0a|| [[iked/roadwarriorvmm|Road warrior IPsec (vmm) ]] || Network || Emulate Roadwarrior IPsec VPNs || ||%0a|| [[vpn/vpn|VPN clients]] || Security || Configure IPsec VPN client || ||%0a|| [[vpn/myipaddress|Test VPN]] || Security || Test IP address behind VPN || ||%0a|| [[iked/binat|Binat IPsec]] || Network || Host home from with IPsec || ||%0a%0a||! Secure Shell ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[sshd/configure|sshd]] || Security || Configure and start sshd || ||%0a|| [[ssh/fingerprints|ssh fingerprints]] || Security || Verify SSH fingerprints || ||%0a|| [[ssh/agent|ssh agent]] || Security || Configure ssh agent || ||%0a|| [[OpenSSH/connect|OpenSSH]] || Security || Configure ssh and connect securely || ||%0a|| [[OpenSSH/Keygen|Generate SSH Keys]] || Security || Generate SSH keys || Extend VPS 1 week ||%0a|| [[openbsd/sshkeys|SSH keys]] || Security || Verify ssh keys || ||%0a|| [[openbsd/sshbackdoor|SSH backdoor]] || Security || Configure ssh side channel to avoid DDoS || ||%0a|| [[sftp/chroot|Chroot SFTP]] || Security || Configure sftp inside a chroot || ||%0a|| [[sshd/chroot|Chroot sshd]] || Network || Configure ssh users inside a chroot || ||%0a|| [[openrsync/chroot|Chroot openrsync]] || Network || Configure openrsync inside a chroot || Extend VPS 1 week ||%0a%0a||! Further Reading ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/books|OpenBSD Books]] || BSD || OpenBSD recommended reading || ||%0a|| [[unix/reading|Unix Books]] || BSD || Unix recommended reading || ||%0a%0a||! Minutemin ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Team/Welcome|Welcome to the Team]] || Civics || Learn Team Responsibilities || ||%0a|| [[Team/Testing|Testing Servers]] || Civics || Learn Team Procedure for Testing || ||%0a|| [[Team/Announce|Announcements]] || Civics || Announce downtime and updates for users || Extend VPS 1 week ||%0a
-time=1731469150
+rev=91
+targets=Openbsd.Intro,Doas.Configure,Syspatch.Syspatch,FwUpdate.Usage,Openbsd.Pkg,Ircnow.Howtoask,Lists.Ircnow,Freedom.Fork,Chroot.Intro,Openhttpd.Configure,Telnet.Http,Netcat.Http,Tls.Intro,Tls.San,Acme-client.Configure,Openhttpd.Tls,Openssl.Http,Openssl.Cert,Openhttpd.Website,Openhttpd.Hosting,Openbsd.Httpopenproxy,Openbsd.Chroot,Openhttpd.Perl,Slowcgi.Usage,Freedom.Selfadmin,Netcat.Irc,Netcat.Usage,Openbsd.Rcctl,Openbsd.Ed,Tar.Usage,Ksh.Editor,Ksh.History,Crontab.Edit,Openbsd.Adduser,Group.Usage,Openbsd.Localtime,Dd.Iso,Ln.Intro,Openbsd.Fstab,Dmesg.Usage,Openbsd.Hier,Top.Usage,Ps.Usage,Renice.Usage,Fstat.Usage,Fuser.Usage,Kill.Usage,Openbsd.Panic,Openbsd.Loginconf,Openbsd.Sysctl,Swapctl.Usage,Openbsd.Outofmemory,Atactl.Usage,Acct.Accton,Openbsd.Vipw,Freedom.Firstamendment,Ircnow.Dogfood,Freedom.Software,Relayd.Acceleration,Relayd.TLSMulti,Freedom.Religion,Tcpip.Overview,IPv4.Overview,IPv6.Overview,Tcpip.Sockets,Ip.Netmask,Tcpip.Ports,IP.Myaddress,Tcpbench.Usage,Openbsd.Ping,Traceroute.Usage,Openbsd.Dig,Adminforces.Ifconfig,Ifconfig.Change,Hostnameif.Static,Hostnameif.Autoconf,Ifstated.Configure,Arp.Usage,Ndp.Usage,Resolv.Conf-,Resolvd.Usage,Route.Usage,Route.Hostnameif,Netstat.Usage,Route.Sourceaddr,Ifconfig.Hostap,Hostapd.Configure,Freedom.Openforeveryone,Pf.Configure,Pf.Guide,Pf.Nat,Pf.Whitelisting,Pf.Debugging,Pf.Rdr-to,Pf.TrafficShaping,Pf.Pflog,Pf.Authpf,Pf.Testing,Pf.Nat64,Pf.Ftp-proxy,Pf.Dmz,Openbsd.Ddos,Openbsd.Tcpdump,Openbsd.SSDP,Openbsd.ACKFlood,Openbsd.RSTFlood,Openbsd.UDPFlood,Openbsd.Amplification,Openbsd.PFStable,Openbsd.PFTesting,Openbsd.Pf,Pfctl.Usage,Ifconfig.Wifi,Ifconfig.Wifitoethernet,Ifconfig.Bridge,Ifconfig.Vlan,Ifconfig.Veb,Ifconfig.Vether,Ifconfig.Carp,Ifconfig.Gre,Ifconfig.Mgre,Ifconfig.Egre,Ifconfig.Eoip,Ifconfig.Etherip,Ifconfig.Vxlan,Ifconfig.Mpe,Ifconfig.Mpip,Ifconfig.Mpw,Ifconfig.Bpe,Ifconfig.Pppoe,Ifconfig.Sppp,Ifconfig.Tpmr,Ifconfig.Trunk,Ifconfig.Aggr,Ifconfig.Urndis,Ifconfig.Pflow,Ifconfig.Pfsync,Gre.6in4vmm,Gre.6in4,Gre.4in6,Ifconfig.Wg,Ifconfig.Tap,Ifconfig.Tun,Dns.Overview,Unwind.Configure,Unbound.Configure,Unbound.Dnssec-,Dig.Usage,Host.Usage,Hostname.Usage,Hosts.Configure,Netizen.Become,Netizen.Rights,Dns.Records,Dns.Registrars,Dns.FQDN,Nsd.Configure,Dns.Zonefile,Nsd.Zone,Nsd.Masterslave,Nsd.Troubleshoot,DNS.RDNS,DNS.Ipv4rDNS,DNS.Ipv6rDNS,Freedom.Unix,Dns.Vhost,Identd.Configure,Freedom.Federation,Opensmtpd.Maildir,DNS.Mail,DNS.SPF,DNS.DKIM,DNS.DMARC,Netcat.SMTP,Opensmtpd.Test,Opensmtpd.Inbox,Opensmtpd.Openrelay,Smtp.Usage,Spamd.Configure,Opensmtpd.Aliases,Snmpd.Configure,Snmp.Configure,Sensorsd.Configure,Ldapd.Configure,Servers.Rights,Minutemin.Code,Minutemin.Duty,Cvsweb.Restore,Got.Usage,Got.Repo,Got.Server,Got.Mirror,Gotweb.Install,Minutemin.Server,Openbsd.Dump,Openrsync.Usage,Openbsd.Fdisk,Openbsd.Disklabel,Disklabel.Partitioning,Newfs.Usage,Mount.Usage,Openbsd.Newdisk,Mfs.Usage,Ffs.Intro,Fsck.Usage,Openbsd.Quota,Openbsd.Growfs,Softraid.Install,Softraid.Rebuild,Exports.Configure,Nfsd.Configure,MountNfs.Usage,Mountd.Configure,Ftpd.Configure,Tftpd.Configure,Sed.Usage,Awk.Usage,Roff.Usage,Ksh.Intro,Perl101.Perl101,Vmm.Intro,Vmctl.Usage,Cu.Usage,Vmctl.Newdisk,Vmctl.Reinstall,Vmm.Install,Openbsd.Install,Openbsd.Upgrade,Openbsd.Sysupgrade,Vmm.Sysupgrade,Sysmerge.Usage,Openbsd.Bsdrd,Openbsd.Singleuser,OpenBSD.ResetPassword,Openbsd.Autoinstall,Vmm.Configure,Hosting.Providers,Dhcpd.Configure,Rad.Configure,Slaacd.Configure,Openbsd.Diskless,Rc.Conf,Syslogd.Configure,Syslogd.Remote,Newsyslog.Configure,Sendbug.Usage,Openbsd.Mail,Freedom.Independence,Ircnow.Constitution,Freedom.Union,Freedom.Privacy,Freedom.Homestead,Freedom.Madeonirc,Freedom.Startupdream,Freedom.Dueprocess,Freedom.Checks,Freedom.Rulebylaw,Openbsd.Ports,Pkgadd.CheckUpdates-,Ntpd.Configure,Abuse.Intro,Team.Security,Password.Management,Openssl.Encryptfile,Signify.Verify,Shell.Limits,Openbsd.FilePermissions,Pledge.Intro,Unveil.Intro,Openbsd.Setuid,Security.Usage,Vlan.Configure,Pair.Configure,Veb.Configure,Bridge.Configure,Nat.Configure,Route.Static,Ripd.Configure,Route6d.Configure,Ospfd.Configure,Bgpd.Configure,Dvmrpd.Configure,Mrouted.Configure,Npppd.Configure,Dhcpleased.Configure,Iked.Sitetosite,Iked.Sitetositevmm,Iked.Roadwarrior,Iked.Roadwarriorvmm,Vpn.Vpn,Vpn.Myipaddress,Iked.Binat,Sshd.Configure,Ssh.Fingerprints,Ssh.Agent,OpenSSH.Connect,OpenSSH.Keygen,Openbsd.Sshkeys,Openbsd.Sshbackdoor,Sftp.Chroot,Sshd.Chroot,Openrsync.Chroot,Openbsd.Books,Unix.Reading,Team.Welcome,Team.Testing,Team.Announce
+text=(:title Admin Forces Training:)%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! OpenBSD Jumpstart ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/intro|OpenBSD Intro]] || BSD || Introduction to OpenBSD || ||%0a|| [[doas/configure|Configure doas]] || BSD || Execute commands as root || ||%0a|| [[syspatch/syspatch|Patch your system]] || BSD || Patch your system || ||%0a|| [[fw_update/usage|Update firmware]] || BSD || Update firmware || ||%0a|| [[openbsd/pkg|Installing Packages]] || BSD || Install new software || ||%0a|| [[Ircnow/Howtoask|Good Questions]] || Civics || How to Ask Good Questions || ||%0a|| [[Lists/Ircnow|IRCNow Mailing Lists]] || Civics || Sign up to IRCNow Mailing lists || Extend VPS for 1 week ||%0a%0a||! Web Server ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/fork|Freedom to Fork]] || Civics || Freedom to Fork || ||%0a|| [[chroot/intro|Intro to Chroot]] || BSD || Learn about Chroots || ||%0a|| [[Openhttpd/Configure|Simple OpenHTTPd]] || Web || Host your own web server || ||%0a|| [[telnet/http|Telnet HTTP]] || Network || Troubleshoot webserver with telnet || ||%0a|| [[netcat/http|netcat HTTP]] || Network || Troubleshoot webserver with netcat || ||%0a|| [[tls/intro|TLS overview]] || Network || TLS introduction || ||%0a|| [[tls/san|Subject Alternative Names]] || Network || TLS and Subject Alternative Names || ||%0a|| [[acme-client/configure|acme-client]] || Security || Request an SSL cert || ||%0a|| [[Openhttpd/Tls|OpenHTTPd TLS]] || Web || Provide TLS for webpages || ||%0a|| [[openssl/http|OpenSSL HTTP]] || Network || Test TLS for webpages with OpenSSL || ||%0a|| [[openssl/cert|Save OpenSSL cert]] || Network || Save OpenSSL cert || ||%0a|| [[Openhttpd/Website|OpenHTTPd Website]] || Web || Set up your website || Extend VPS 1 week ||%0a|| [[Openhttpd/Hosting|Multi-user OpenHTTPd]] || Web || Configure webserver for multiple domains || ||%0a|| [[Openbsd/Httpopenproxy|Open Proxies]] || Web || Avoid blacklists by closing open proxies || ||%0a|| [[Openbsd/Chroot|OpenHTTPd Chroot]] || Web || OpenHTTPd chroot environment || ||%0a|| [[Openhttpd/Perl|OpenHTTPd Perl]] || Web || Install Perl inside OpenHTTPd chroot || Extend VPS 1 week ||%0a|| [[slowcgi/usage|slowcgi]] || Web || Configure slowcgi || ||%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/selfadmin|Self-Admin]] || Civics || Admin your network || ||%0a|| [[netcat/irc|netcat IRC]] || Network || Troubleshoot IRC with netcat || ||%0a|| [[netcat/usage|netcat]] || Network || Troubleshoot applications with netcat || ||%0a|| [[openbsd/rcctl|rcctl]] || BSD || Start services automatically || Extend VPS 1 week ||%0a%0a||! System Administration ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/ed|ed]] || BSD || ed text editor || ||%0a|| [[tar/usage|tar]] || BSD || Tape archives || ||%0a|| [[ksh/editor|Change editor]] || BSD || Change default editor || ||%0a|| [[ksh/history|ksh history]] || BSD || Add history for shell commands || ||%0a|| [[crontab/edit|Editing crontab]] || BSD || Editing crontab || ||%0a|| [[openbsd/adduser|adduser]] || BSD || Addusers || ||%0a|| [[group/usage|group]] || BSD || Manage groups || ||%0a|| [[openbsd/localtime|localtime]] || BSD || Set time zone || ||%0a|| [[dd/iso|Write image to usb]] || BSD || Write image to USB || ||%0a|| [[ln/intro|symbolic links]] || BSD || Create symbolic links || ||%0a|| [[openbsd/fstab|fstab]] || BSD || Edit filesystem table || ||%0a|| [[dmesg/usage|dmesg]] || BSD || Display system message buffer || ||%0a|| [[openbsd/hier|hier]] || BSD || OpenBSD filesystem hierarchy || ||%0a|| [[top/usage|top]] || BSD || Info about CPU processes || ||%0a|| [[ps/usage|ps]] || BSD || Monitor Processes || ||%0a|| [[renice/usage|renice]] || BSD || Renice processes || ||%0a|| [[fstat/usage|fstat]] || Network || Show file status || ||%0a|| [[fuser/usage|fuser]] || Network || Show process using a file || ||%0a|| [[kill/usage|kill]] || BSD || Send signals to processes || ||%0a|| [[openbsd/panic|kernel panics]] || BSD || Dealing with kernel panics || ||%0a|| [[openbsd/loginconf|Login classes]] || BSD || Configure login classes || ||%0a|| [[openbsd/sysctl|sysctl]] || BSD || Getting and setting kernel state || ||%0a|| [[swapctl/usage|swapctl]] || BSD || Manage system swap space || ||%0a|| [[openbsd/outofmemory|OOM error]] || BSD || Out of memory error || ||%0a|| [[atactl/usage|atactl]] || BSD || Get disk information || ||%0a|| [[rc/rc.d|rc.d]] || BSD || rc.d || ||%0a|| [[rc/rc.conf|rc.conf]] || BSD || rc.conf || ||%0a|| [[acct/accton|accton]] || BSD || accton || ||%0a|| [[openbsd/vipw|vipw]] || BSD || Edit the password file || Extend VPS 1 week ||%0a%0a%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/firstamendment|Free Press]] || Civics || Freedom of Speech and of the Press || ||%0a|| [[Ircnow/Dogfood|Dogfooding]] || Civics || Eat your own dogfood || ||%0a%0a||! IRC Bouncer ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/software|Software Freedom]] || Civics || Software Freedom || ||%0a|| [[relayd/acceleration|TLS Acceleration]] || Security || Provide TLS for multiple services || ||%0a|| [[relayd/TLSMulti|TLS Acceleration (multiple)]] || Security || Encrypt traffic with TLS for multiple services || ||%0a%0a||! TCP/IP Networking ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/religion|Religious Liberty]] || Civics || Freedom of Religion || ||%0a|| [[tcpip/overview|TCP/IP Networking]] || Network || Learn Basics of TCP/IP || ||%0a|| [[IPv4/overview|IPv4 Networking]] || Network || Learn IPv4 Networking || ||%0a|| [[IPv6/overview|IPv6 Networking]] || Network || Learn IPv6 Networking || ||%0a|| [[tcpip/sockets|TCP/IP sockets]] || Network || Learn Basics of TCP/IP sockets || ||%0a|| [[ip/netmask|IP netmasks]] || Network || Learn Basics of IP netmasks || ||%0a|| [[tcpip/ports|TCP/UDP ports]] || Network || Learn Basics of TCP/UDP ports || ||%0a|| [[IP/Myaddress|My IP Address]] || Network || What's my IP Address? || ||%0a|| [[tcpbench/usage|tcpbench]] || Network || Benchmark TCP/IP throughput || ||%0a|| [[openbsd/ping|ping]] || Network || Troubleshoot networking with ping || ||%0a|| [[traceroute/usage|traceroute]] || Network || Trace packet route || ||%0a|| [[openbsd/dig|dig]] || Network || Troubleshoot DNS servers and records || Extend VPS 1 week ||%0a|| [[ifconfig|ifconfig]] || Network || ifconfig guide || ||%0a|| [[ifconfig/change|Changing addresses]] || Network || Changing network addresses || ||%0a|| [[Hostnameif/Static|Static Networking]] || Network || ||%0a|| [[Hostnameif/autoconf|Autoconf Networking]] || Network || ||%0a|| [[ifstated/configure|Configure ifstated]] || Network || Configure ifstated || ||%0a|| [[arp/usage|arp]] || Network || Address resolution protocol || ||%0a|| [[ndp/usage|ndp]] || Network || Neighbor discovery protocol || ||%0a|| [[resolv/conf-|resolv.conf]] || Network || Configuring resolv.conf || ||%0a|| [[resolvd/usage|resolvd]] || Network || Using resolvd || ||%0a|| [[route/usage|Route]] || Network || Configure route paths || ||%0a|| [[route/hostnameif|hostname.if route]] || Network || Add routes to hostname.if at bootup || ||%0a|| [[netstat/usage|netstat]] || Network || Show network status || ||%0a|| [[route/sourceaddr|Route source address]] || Network || Configure routing source address || Extend VPS 1 week ||%0a%0a||! Wireless ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[ifconfig/hostap|hostap]] || Network || Set up Host Access Point || ||%0a|| [[hostapd/configure|hostapd]] || Network || Synchronize Host Access Points || ||%0a%0a||! Packet Filter ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/openforeveryone|Open For Everyone]] || Civics || || ||%0a|| [[pf/configure|pf.conf]] || Network || Configure Packet Filter || ||%0a|| [[pf/guide|Packet Filter]] || Network || Setup firewall with Packet Filter || ||%0a|| [[pf/nat|NAT with packet filter]] || Network || NAT with Packet Filter || ||%0a|| [[pf/whitelisting|Whitelisting]] || Network || Whitelisting || ||%0a|| [[pf/debugging|Debugging PF rulesets]] || Network || Debugging PF rulesets || ||%0a|| [[pf/rdr-to|rdr-to]] || Network || rdr-to || ||%0a|| [[pf/traffic shaping|Traffic shaping]] || Network || Traffic shaping || ||%0a|| [[pf/pflog|pflog]] || Network || pflog || ||%0a|| [[pf/authpf|authpf]] || Network || authpf || ||%0a|| [[pf/testing|testing rulesets]] || Network || Testing PF rulesets || ||%0a|| [[pf/nat64|NAT64 with packet filter]] || Network || NAT6 with packetfilter || ||%0a|| [[pf/ftp-proxy|ftp-proxy]] || Network || ftp-proxy || ||%0a|| [[pf/dmz|DMZ]] || Network || DMZ || ||%0a|| [[openbsd/ddos|DDoS Defense]] || Network || Defend against DDoS Attacks || ||%0a|| [[openbsd/tcpdump|tcpdump]] || Network || Read network packets || ||%0a|| [[openbsd/SSDP|SSDP attack]] || Network || || ||%0a|| [[openbsd/ACKFlood|TCP ack flood]] || Network || || ||%0a|| [[openbsd/RSTFlood|TCP reset flood]] || Network || || ||%0a|| [[openbsd/UDPFlood|UDP Flood]] || Network || || ||%0a|| [[openbsd/amplification|amplification attack]] || Network || || ||%0a|| [[openbsd/PFStable|PF Stable]] || Network || Sample PF Firewall for Stable || ||%0a|| [[openbsd/PFTesting|PF Testing]] || Network || Sample PF Firewall for Testing || ||%0a|| [[openbsd/pf|Packet Filter]] || Network || PF Guide || Extend VPS 1 week ||%0a|| [[pfctl/usage|pfctl]] || Network || PF Guide || Control packet filter ||%0a%0a||! Networking ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[ifconfig/wifi|WiFi]] || Network || Configure WiFi || ||%0a|| [[ifconfig/wifitoethernet|WiFi to Ethernet]] || Network || WiFi to Ethernet || ||%0a|| [[ifconfig/bridge|bridge]] || Network || Bridge interface || ||%0a|| [[ifconfig/vlan|vlan]] || Network || vlan interface || ||%0a|| [[ifconfig/veb|veb]] || Network || veb interface || ||%0a|| [[ifconfig/vether|vether]] || Network || Virtual Ethernet interface || ||%0a|| [[ifconfig/carp|carp]] || Network || CARP interface || ||%0a|| [[ifconfig/gre|gre]] || Network || GRE interface || ||%0a|| [[ifconfig/mgre|mgre]] || Network || MGRE interface || ||%0a|| [[ifconfig/egre|egre]] || Network || EGRE interface || ||%0a|| [[ifconfig/eoip|eoip]] || Network || eoip interface || ||%0a|| [[ifconfig/etherip|etherip]] || Network || etherip interface || ||%0a|| [[ifconfig/vxlan|vxlan]] || Network || vxlan interface || ||%0a|| [[ifconfig/mpe|mpe]] || Network || mpe interface || ||%0a|| [[ifconfig/mpip|mpip]] || Network || mpip interface || ||%0a|| [[ifconfig/mpw|mpw]] || Network || mpw interface || ||%0a|| [[ifconfig/bpe|bpe]] || Network || bpe interface || ||%0a|| [[ifconfig/pppoe|pppoe]] || Network || pppoe interface || ||%0a|| [[ifconfig/sppp|sppp]] || Network || sppp interface || ||%0a|| [[ifconfig/tpmr|tpmr]] || Network || tpmr interface || ||%0a|| [[ifconfig/trunk|trunk]] || Network || trunk interface || ||%0a|| [[ifconfig/aggr|aggr]] || Network || aggr interface || ||%0a|| [[ifconfig/urndis|urndis]] || Network || urndis interface || ||%0a|| [[ifconfig/pflow|pflow]] || Network || pflow interface || ||%0a|| [[ifconfig/pfsync|pfsync]] || Network || pfsync interface || ||%0a|| [[gre/6in4vmm|6-in-4 gre (vmm)]] || Network || Tunnel IPv6 inside IPv4 with GRE (vmm) || ||%0a|| [[gre/6in4|6-in-4 gre]] || Network || Tunnel IPv6 inside IPv4 with GRE || ||%0a|| [[gre/4in6|4-in-6 gre]] || Network || Tunnel IPv4 inside IPv6 with GRE || ||%0a|| [[ifconfig/wg|wg]] || Network || WireGuard interface || ||%0a|| [[ifconfig/tap|tap]] || Network || Ethernet tunnel pseudo-device interface || ||%0a|| [[ifconfig/tun|tun]] || Network || Network tunnel pseudo-device interface || ||%0a%0a||! Domain Name Lookup ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[dns/overview|DNS Overview]] || DNS || Learn the Domain Name System || ||%0a|| [[unwind/configure|unwind]] || Network || Validating DNS resolver || ||%0a|| [[unbound/configure|unbound]] || DNS || Configure a local caching nameserver || ||%0a|| [[unbound/dnssec-|DNSSec for Unbound]] || DNS || Add DNSSec for unbound || ||%0a|| [[dig/usage|dig]] || DNS || Troubleshoot DNS records with dig || ||%0a|| [[host/usage|host]] || DNS || Troubleshoot DNS records with host || ||%0a|| [[hostname/usage|hostname]] || DNS || Set hostname || ||%0a|| [[hosts/configure|Configure /etc/hosts]] || BSD || Host and network name database || Apply for IRC operator ||%0a%0a||! Name Server ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[netizen/become|Become a Netizen]] || Civics || || ||%0a|| [[netizen/rights|Netizen Rights]] || Civics || || ||%0a|| [[dns/records|DNS Records]] || DNS || Understand DNS record types || ||%0a|| [[dns/registrars|Name Registrars]] || DNS || Choose a name registrar || ||%0a|| [[dns/FQDN|FQDN]] || DNS || Understand FQDN and $ORIGIN || ||%0a|| [[nsd/configure|Configure NSD]] || DNS || Configure name server for custom domains || ||%0a|| [[dns/zonefile|Zone File]] || DNS || || ||%0a|| [[nsd/zone|NSD Zone]] || DNS || || Extend VPS 1 week ||%0a|| [[nsd/masterslave|nsd master slave]] || DNS || || ||%0a|| [[nsd/troubleshoot|Troubleshooting NSD]] || DNS || || ||%0a|| [[DNS/rDNS|rDNS]] || DNS || Configure reverse DNS for vhosts and email || ||%0a|| [[DNS/Ipv4rDNS|IPv4 rDNS]] || DNS || Configure IPv4 reverse DNS || ||%0a|| [[DNS/Ipv6rDNS|IPv6 rDNS]] || DNS || Configure IPv6 reverse DNS || Extend VPS 1 week ||%0a%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/unix|Unix Work Ethic]] || Civics || || ||%0a|| [[dns/vhost|vhost]] || DNS || Create custom vhost || ||%0a|| [[identd/configure|identd]] || Security || Provide ident to stop abuse || ||%0a%0a||! Mail Server ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[freedom/federation|Federation]] || Civics || || ||%0a|| [[opensmtpd/maildir|OpenSMTPd (with Maildir)]] || Mail || Configure your mail server (using Maildir) || ||%0a|| [[DNS/Mail|DNS for Mail]] || Mail || Create DNS records for email || ||%0a|| [[DNS/SPF]] || Mail || Configure SPF records to avoid the spam folder || ||%0a|| [[DNS/DKIM]] || Mail || Configure DKIM records to avoid the SPAM folder || ||%0a|| [[DNS/DMARC]] || Mail || Configure DMARC records to block phishing and spam || ||%0a|| [[netcat/SMTP|netcat SMTP]] || Network || Troubleshoot SMTP with netcat || ||%0a|| [[Opensmtpd/Test|SMTP Testing]] || Mail || Send a test letter || ||%0a|| [[Opensmtpd/Inbox|Getting inboxed]] || Mail || Getting inboxed || ||%0a|| [[Opensmtpd/Openrelay|Open Mail Relay]] || Mail || Block open mail relay to avoid sending spam || ||%0a|| [[smtp/usage|smtp]] || Mail || SMTP client || ||%0a|| [[spamd/configure|spamd]] || Mail || Configure spam filter || ||%0a|| [[opensmtpd/aliases|aliases]] || Mail || Configure aliases for mail || ||%0a%0a||! Simple Network Management Protocol ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[snmpd/configure|snmpd]] || SNMP || Configure SNMPd || ||%0a|| [[snmp/configure|snmp]] || SNMP || Configure SNMP || ||%0a%0a|| [[sensorsd/configure|sensorsd]] || BSD || sensorsd || ||%0a%0a||! LDAP ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[ldapd/configure|ldapd]] || LDAP || Configure ldapd || ||%0a%0a%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Servers/Rights|Servers' Rights]] || Civics || Servers' Rights || ||%0a|| [[Minutemin/Code|Minutemin's Code]] || Civics || Recite the Code of Honor || ||%0a%0a||! Version Control ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Minutemin/Duty|Call of Duty]] || Civics || The Call of Duty || ||%0a|| [[cvsweb/restore|Restore from CVSweb]] || Code || Learn how to restore files with CVSweb || ||%0a|| [[got/usage|got]] || Code || Set up got version control (clone of git) || ||%0a|| [[got/repo|got repo]] || Code || Set up got repo || ||%0a|| [[got/server|got server]] || Code || Set up got server || ||%0a|| [[got/mirror|got mirror]] || Code || Set up got mirror || ||%0a|| [[gotweb/install|gotweb]] || Code || Set up got web access || Extend VPS 1 week ||%0a%0a||! Disk Setup and Backups ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Minutemin/Server|Minutemin's Server]] || Civics || The Minutemin's Server || ||%0a|| [[openbsd/dump|dump]] || BSD || Backup a partition || ||%0a|| [[openrsync/usage|openrsync]] || BSD || Backup and sync files || ||%0a|| [[openbsd/fdisk|fdisk]] || BSD || Partition Hard Disk || ||%0a|| [[openbsd/disklabel|disklabel]] || BSD || Edit Partitions || ||%0a|| [[disklabel/partitioning|disklabel partitioning]] || BSD || Partition New Hard Disk || ||%0a|| [[newfs/usage|newfs]] || BSD || Construct a new filesystem || ||%0a|| [[mount/usage|mount]] || BSD || Mount partitions || ||%0a|| [[openbsd/newdisk|newdisk]] || BSD || Add a New Hard Disk || ||%0a|| [[mfs/usage|mfs]] || BSD || Construct a memory-based filesystem || ||%0a|| [[ffs/intro|FFS]] || BSD || Learn about the Fast Filesystem || ||%0a|| [[fsck/usage|fsck]] || BSD || Filesystem check consistency check || ||%0a|| [[openbsd/quota]] || BSD || Edit disk quotas || ||%0a|| [[openbsd/growfs|growfs]] || BSD || Grow a Disk Partition || Get shell account on server ||%0a%0a||! RAID ||||||||%0a|| [[softraid/install|softraid]] || BSD || Configuring software RAID || ||%0a|| [[softraid/rebuild|Rebuild softraid]] || BSD || Rebuilding software RAID || ||%0a%0a||! File servers ||||||||%0a|| [[exports/configure|nfsd]] || BSD || Configure NFS || ||%0a|| [[nfsd/configure|nfsd]] || BSD || Serve files over NFS || ||%0a|| [[mount_nfs/usage|mount_nfs]] || BSD || Mount NFS filesystems || ||%0a|| [[mountd/configure|nfsd]] || BSD || Automatically mount NFS filesystems || ||%0a|| [[ftpd/configure|ftpd]] || BSD || Serve files over FTP || ||%0a|| [[tftpd/configure|tftpd]] || BSD || Serve files over TFTP || ||%0a%0a||! Text Processing ||||||||%0a|| [[sed/usage|sed]] || BSD || sed scripting || ||%0a|| [[awk/usage|awk]] || BSD || awk scripting || ||%0a|| [[roff/usage|roff]] || BSD || roff || ||%0a%0a||! Shell Scripting ||||||||%0a|| [[ksh/intro|ksh intro]] || BSD || shell scripting || ||%0a|| [[perl101/perl101|perl intro]] || BSD || perl scripting || ||%0a%0a||! Virtual Machine ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[vmm/intro|VMM Intro]] || BSD || Intro to the VMM Hypervisor || ||%0a|| [[vmctl/usage|Vmctl User Guide]] || BSD || Control your VPS || ||%0a|| [[cu/usage|cu]] || BSD || Serial terminal emulator || ||%0a|| [[vmctl/newdisk|Add disk to VM]] || BSD || Add new storage disk to VPS || ||%0a|| [[vmctl/reinstall|Reinstall VM]] || BSD || Reinstall OpenBSD inside VMM || ||%0a|| [[vmm/install|Install OpenBSD inside VMM]] || BSD || Install OpenBSD inside VMM || ||%0a|| [[openbsd/install|Install OpenBSD]] || BSD || Install OpenBSD || ||%0a|| [[openbsd/upgrade|Upgrade OpenBSD]] || BSD || Upgrade OpenBSD || ||%0a|| [[openbsd/sysupgrade|OpenBSD Sysupgrade]] || BSD || Sysupgrade OpenBSD || ||%0a|| [[vmm/sysupgrade|Vmm Sysupgrade]] || BSD || Sysupgrade OpenBSD VMM Host || ||%0a|| [[sysmerge/usage|sysmerge]] || BSD || Merge conf files after upgrade || ||%0a|| [[openbsd/bsdrd|bsd.rd]] || BSD || Install/Upgrade/Repair with Ramdisk || ||%0a|| [[openbsd/singleuser|Single User Mode]] || BSD || Boot OpenBSD into single user mode || ||%0a|| [[OpenBSD.ResetPassword|Reset root password]] || BSD || Reset root password || ||%0a|| [[openbsd/autoinstall|autoinstall]] || BSD || Unattended autoinstall || ||%0a%0a||! VMM Hosting ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[vmm/configure|Configure VMM]] || Network || Offer Hosting with VMM || ||%0a|| [[hosting/providers|Hosting Providers]] || Network || Choose a Hosting Provider || ||%0a|| [[dhcpd/configure|Configure DHCP server]] || Network || Configure DHCP server || ||%0a|| [[rad/configure|Configure rad server]] || Network || Set up Router Advertisements for IPv6 || ||%0a|| [[slaacd/configure|Configure slaacd daemon]] || Network || Configure slaacd daemon || ||%0a|| [[openbsd/diskless|diskless]] || BSD || Run OpenBSD on diskless systems || Acquire admin access ||%0a%0a||! System Bootup ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[rc/conf|rc.conf]] || BSD || System daemon configuration || ||%0a%0a||! System Logging ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[syslogd/configure|syslogd]] || BSD || Configure system logging || ||%0a|| [[syslogd/remote|Remote syslogd]] || BSD || Configure remote system logging || ||%0a|| [[newsyslog/configure|newsyslog]] || BSD || Log rotation || ||%0a%0a||! System Logging ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[sendbug/usage|send]] || BSD || sendbug || ||%0a|| [[openbsd/mail|OpenBSD mailing list]] || BSD || OpenBSD mailing list || ||%0a%0a||! Civics ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Freedom/Independence|Independence]] || Civics || Declaration of Network Independence || ||%0a|| [[ircnow/constitution|Constitution]] || Civics || Read the Constitution and Bill of Rights || ||%0a|| [[freedom/union|United We Serve]] || Civics || || ||%0a|| [[freedom/privacy|Privacy]] || Civics || Right to Privacy || ||%0a|| [[freedom/homestead|Homestead VPS]] || Civics || || ||%0a|| [[freedom/madeonirc|Made on IRC]] || Civics || || ||%0a|| [[freedom/startupdream|The Startup Dream]] || Civics || || ||%0a|| [[freedom/dueprocess|Due Process]] || Civics || || ||%0a|| [[freedom/checks|Checks and Balances]] || Civics || || ||%0a|| [[freedom/rulebylaw|Rule by Law]] || Civics || || Extend VPS 1 week ||%0a%0a||! Miscellaneous ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/ports|ports]] || BSD || Install software from ports tree || ||%0a|| [[Pkgadd.CheckUpdates-|pkg_add updates]] || BSD || Keep software updated || ||%0a|| [[ntpd/configure|ntpd]] || Network || Update date and time from network automatically || Extend VPS 1 week ||%0a%0a||! Stopping Abuse ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[abuse/intro|Abuse Guide]] || Security || Investigation techniques to report criminals || ||%0a|| [[team/security|Team Security]] || Security || Prevent security leaks || Extend VPS 1 week ||%0a%0a||! Security ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Password/Management|Manage Passwords]] || Shell || Create secure passwords || ||%0a|| [[Openssl/Encryptfile|Encrypt Files]] || Shell || Encrypt files with OpenSSL || ||%0a|| [[signify/verify|signify]] || Security || Verify OpenBSD software || ||%0a|| [[shell/limits]] || Security || Setting resource limits || ||%0a|| [[openbsd/FilePermissions|File Permissions]] || Security || Fix insecure file permissions || Extend VPS 1 week ||%0a|| [[pledge/intro|pledge]] || Security || Restrict system operations || ||%0a|| [[unveil/intro|unveil]] || Security || Unveil parts of restricted filesystems || ||%0a|| [[openbsd/setuid]] || Security || Audit setuid root binaries || ||%0a|| [[security/usage|security]] || Security || Security checks || ||%0a|| [[team/security]] || Security || Team security || ||%0a%0a||! Routing ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[vlan/configure|Configure vlan]] || Network || Configure vlan || ||%0a|| [[pair/configure|pair]] || Network || Configure pair interface || ||%0a|| [[veb/configure|Configure veb]] || Network || Configure veb || ||%0a|| [[bridge/configure|Configure bridge]] || Network || Configure bridge || ||%0a|| [[nat/configure|Configure nat]] || Network || Configure NAT || ||%0a|| [[route/static|Static routing]] || Network || Configure static routing || ||%0a|| [[ripd/configure|RIPd]] || Network || Configure RIPd || ||%0a|| [[route6d/configure|route6d]] || Network || Configure route6d || ||%0a|| [[ospfd/configure|OSPFd]] || Network || Configure OSPFd || ||%0a|| [[bgpd/configure|BGPd]] || Network || Configure BGPd || ||%0a|| [[dhcpd/configure|Configure DHCP server]] || Network || || ||%0a|| [[dvmrpd/configure|DVMRPd]] || Network || Configure DVMRPd || ||%0a|| [[mrouted/configure|mrouted]] || Network || Configure Multicast Routing || ||%0a|| [[npppd/configure|Configure npppd server]] || Network || Configure npppd server || ||%0a|| [[dhcpleased/configure|Configure DHCP client]] || Network || || ||%0a%0a||! VPNs and Proxies ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[iked/sitetosite|Site-to-site IPsec]] || Security || Provide site-to-site IPsec VPN || ||%0a|| [[iked/sitetositevmm|Site-to-site IPsec (vmm)]] || Security || Emulate site-to-site IPsec VPN with VMM || ||%0a|| [[iked/roadwarrior|Road warrior IPsec]] || Network || Provide Roadwarrior IPsec VPNs || ||%0a|| [[iked/roadwarriorvmm|Road warrior IPsec (vmm) ]] || Network || Emulate Roadwarrior IPsec VPNs || ||%0a|| [[vpn/vpn|VPN clients]] || Security || Configure IPsec VPN client || ||%0a|| [[vpn/myipaddress|Test VPN]] || Security || Test IP address behind VPN || ||%0a|| [[iked/binat|Binat IPsec]] || Network || Host home from with IPsec || ||%0a%0a||! Secure Shell ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[sshd/configure|sshd]] || Security || Configure and start sshd || ||%0a|| [[ssh/fingerprints|ssh fingerprints]] || Security || Verify SSH fingerprints || ||%0a|| [[ssh/agent|ssh agent]] || Security || Configure ssh agent || ||%0a|| [[OpenSSH/connect|OpenSSH]] || Security || Configure ssh and connect securely || ||%0a|| [[OpenSSH/Keygen|Generate SSH Keys]] || Security || Generate SSH keys || Extend VPS 1 week ||%0a|| [[openbsd/sshkeys|SSH keys]] || Security || Verify ssh keys || ||%0a|| [[openbsd/sshbackdoor|SSH backdoor]] || Security || Configure ssh side channel to avoid DDoS || ||%0a|| [[sftp/chroot|Chroot SFTP]] || Security || Configure sftp inside a chroot || ||%0a|| [[sshd/chroot|Chroot sshd]] || Network || Configure ssh users inside a chroot || ||%0a|| [[openrsync/chroot|Chroot openrsync]] || Network || Configure openrsync inside a chroot || Extend VPS 1 week ||%0a%0a||! Further Reading ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[openbsd/books|OpenBSD Books]] || BSD || OpenBSD recommended reading || ||%0a|| [[unix/reading|Unix Books]] || BSD || Unix recommended reading || ||%0a%0a||! Minutemin ||||||||%0a||! Lesson ||! Topic ||! Description ||! Reward ||%0a|| [[Team/Welcome|Welcome to the Team]] || Civics || Learn Team Responsibilities || ||%0a|| [[Team/Testing|Testing Servers]] || Civics || Learn Team Procedure for Testing || ||%0a|| [[Team/Announce|Announcements]] || Civics || Announce downtime and updates for users || Extend VPS 1 week ||%0a
+time=1731551165
title=Admin Forces Training
+author:1731551165=jrmu
+diff:1731551165:1731469150:=24a25%0a> || [[Openhttpd/Website|OpenHTTPd Website]] || Web || Set up your website || Extend VPS 1 week ||%0a27d27%0a%3c || [[Openhttpd/Website|OpenHTTPd Website]] || Web || Set up your website || Extend VPS 1 week ||%0a
+host:1731551165=198.251.82.194
author:1731469150=jrmu
diff:1731469150:1731467407:=22d21%0a%3c || [[tls/san|Subject Alternative Names]] || Network || TLS and Subject Alternative Names || ||%0a
host:1731469150=198.251.82.194
blob - 3cfbc0793a1bfbe61e3026f435d8d84b2fb57310
blob + ab3a8a00ad983693afcdddf7055c2a12f53f7a94
--- wiki.d/Almanack.Almanack
+++ wiki.d/Almanack.Almanack
ctime=1614490687
host=138.43.182.133
name=Almanack.Almanack
-rev=603
-targets=Lists.Ircnow,Minutemin.Code,Minutemin.Server,Minutemin.Duty,Minutemin.Questions,Minutemin.Progress,Medals.Intro,Team.Welcome,Team.Testing,Servers.Rights,Team.Announce,Team.Federation,Ircnow.Dogfood,Team.Networks,Congress.Procedure,Congress.Documents,Ircnow.Milestones,Ircnow.Roadmap2021,Ircnow.Roadmap2022,Ircnow.Roadmap2023,Ircnow.Roadmap,Ircnow.Status2022,CodeForce.Deploy,Abuse.Code,Ambassador.Markets,Ircnow.Metrics,Ircnow.Nsf,Ircnow.Newdeal,Ircnow.Daughtersofliberty,Netizen.Ellisisland,User.Welcome,Netizen.Become,Netizen.Rights,Freedom.Selfadmin,Freedom.Independence,Freedom.Fork,Ircnow.Constitution,Freedom.Religion,Freedom.Firstamendment,Freedom.Software,Freedom.Privacy,Freedom.Homestead,Freedom.Madeonirc,Freedom.Unix,Freedom.Startupdream,Freedom.Openforeveryone,Freedom.Dueprocess,Freedom.Checks,Freedom.Rulebylaw,Freedom.Federation,Freedom.Union,Freedom.Universal,Freedom.Radio,Ircnow.Education,Openbsd.Intro,Vmm.Configure,Vmm.Install,Vmctl.Usage,Vmm.Linux,Vmm.Sysupgrade,Vmctl.Disk,Vmctl.Reinstall,Vmm.Intro,Vmm.DebianIso,Vmm.DebianInstall,Vmm.Debian,Vmm.Optimize,Vmm.Ubuntu,Vmm.DevuanIso,Vmm.Devuan-ISO,Vmm.Alpine,Vmm.Arch,Vmm.Plan9,Vmm.Router,Vmm.Homerouter,Ipmi.Java,Openbsd.BBB,Openbsd.Orangepi3lts,Openbsd.Upgrade67,Openbsd.Upgrade68,Openbsd.Upgrade69,Openbsd.Upgrade74,Openbsd.Upgrade75,Openbsd.Sysupgrade68,Openbsd.Sysupgrade69,Openbsd.Sysupgrade70,Openbsd.Sysupgrade71,Openbsd.Sysupgrade72,Openbsd.Sysupgrade73,Openbsd.Sysupgrade74,Openbsd.Sysupgrade75,Openbsd.Sysupgrade,Openbsd.Install67,Openbsd.Install68,Openbsd.Install69,Openbsd.Install70,Openbsd.Install71,Openbsd.Install73,Openbsd.Install74,Openbsd.Install75,Openbsd.Install,Openbsd.Bsdrd,OpenBSD.OnOVH,Openbsd.Bootconf,Openbsd.Singleuser,Openbsd.Books,OpenBSD.ResetPassword,License.Publicdomain,Gpl.Flaws,Bsd.Hope,Bsd.Labor,License.Discriminatory,Tcpip.Overview,IPv4.Overview,IPv6.Overview,Tcpip.Sockets,Ip.Netmask,Tcpip.Ports,Buyvm.Ipv6,Openbsd.Anycast,Hostnameif.Static,Hostnameif.Static-v2,Ifconfig.Change,IP.Myaddress,Almanack.Ifconfig,Route.Usage,Openbsd.Wifi,Resolv.Conf,Hostname.Usage,Route.Hostnameif,Dhcpd.Configure,Openbsd.Npppd,Openbsd.Pppoe,Ntpd.Configure,Dhclient.Configure,Route.Sourceaddr,Ifconfig.Wifitoethernet,Gre.6in4,Gre.6in4nat,Openbsd.Pf,Pf.Guide,Openbsd.PFStable,Openbsd.PFTesting,Openbsd.Pfbadhost,Pf.Vpn,Pf.Bittorrent,Ddos.Intro,Openbsd.SSDP,Openbsd.ACKFlood,Openbsd.RSTFlood,Openbsd.SYNFlood,Openbsd.HTTPFlood,Openbsd.NTPAmplification,Openbsd.UDPFlood,Openbsd.Amplification,Openbsd.Ping,Openbsd.Tcpdump,Netcat.Usage,Netcat.Irc,Netcat.Http,Netcat.SMTP,Telnet.Http,Openssl.Http,Openssl.Imap,Openssl.Smtp,Openssl.Check,Openssl.Encryptfile,Bgpd.Configure,Dns.Overview,Dns.Records,Dns.FQDN,Dns.Registrars,Dns.Vhost,Vhost.Freedns,Vhost.Ircnow,Nsd.Configure,Nsd.Masterslave,Nsd.Troubleshoot,DNS.RDNS,Dns.Zonefile,Nsd.Zone,Dns.Troubleshooting,Openbsd.Delphinusdnsd,DNS.Mail,DNS.SPF,DNS.DKIM,DNS.DMARC,DNS.MTA-STS,DNS.Ipv6rDNS,DNS.Ipv4rDNS,Unbound.Configure,Host.Usage,Dig.Usage,Openbsd.Unboundadblock,Unbound.Blacklists,Rbldnsd.Install,Dns.BindResolver,Unbound.LAN,Unbound.DNSSEC,Gpg.Verify,Signify.Verify,Duplicity.Usage,Iked.Configure,Vpn.Vpn,Iked.Newconfig,Vpn.Myipaddress,Iked.Sitetosite,Tor.Torsocks,Tor.Hidden,Tor.Irc,Tls.Overview,Tls.Intro,Tls.CA,Acme-client.Configure,Acme-client.Cron,Relayd.Acceleration,Relayd.TLSMulti,Letsencrypt.Expired,Acme-client.AutoRenew,Dehydrated.Configure,Acmesh.Configure,Sshd.Configure,Ssh.Client,Ssh.Fingerprints,Openbsd.Sshbackdoor,Sshd.Disablepassword,OpenSSH.Keygen,Openssh.Skey,Openssh.Totp,Openbsd.Drawtermssh,Openbsd.Two-FactorAuth,Openbsd.Sftp,Ftpd.Configure,Torrent.Configure,Cvs.Anoncvs,Cvs.Intro,Cvs.Cvsweb,Cvs.Repo,Cvs.Guide,Paster.Install,Fiche.Install,Openbsd.Www,Openhttpd.Configure,Openhttpd.Hosting,Openbsd.Httpopenproxy,Openhttpd.Perl,Openbsd.Php,Openhttpd.Tls,Openhttpd.Website,Openhttpd.CGI,Openhttpd.Chroot,Pmwiki.Install,Pmwiki.Simpleurl,Pmwiki.Replace,Debate.Wikistyle,Ikiwiki.Install,Openbsd.Dokuwiki,Squirrelmail.Install,Roundcube.Install,Wordpress.Install,Openbsd.Oscommerce,Openbsd.Cumulusclips,Openbsd.Fluxbb,Openbsd.Question2answer,Openbsd.H5ai,Openbsd.Easyapp,Openbsd.Manna,NodeJS.Install,Openbsd.Cgit,Stagit.Install,Got.Repo,Gotweb.Install,Got.Usage,Got.Server,Got.Mirror,Mariadb.Install,Irc.Guide,Irc.Chanop,Ngircd.Oper,Irc.Services,Irc.Clients,Irc.Easy,HostServ.Rules,Unrealircd.Install,Almanack.TheloungeWebircClient,Znc.Install,Znc.Chroot,ZNC.Admin,ZNC.Support,Openbsd.ZNCModules,Znc.Patch,Znc.Usage,Znc.Relayd,Znc.I18n,ZNC.Troubleshoot,Znc.Debug,Debate.Zncdefense,Debate.Zncflaws,Soju.Install,Psybnc.Install,Openbsd.Ilines,Ambassador.Ilines,Debate.Ircv3defense,Identd.Configure,Oidentd.Install,Oidentd.ZNC,Oidentd.Changeident,Openbsd.Ii,Openbsd.Sic,Ngircd.Install,Ngircd.Link,Ngircd.Ssl,Ngircd.Sins,Ngircd.Loginconf,Hopm.Install,Openbsd.Acopm,Hopm.Telnet,Openbsd.Hopm-NowWithInit,Hunchentoot.Install,Achurch.Install,Anope.Install,Atheme.Install,Pylink.Install,Pylink.Chroot,Bitlbee.Install,Openbsd.Matterbridge,Eggdrop193.Install,Eggdrop191.Install,Openbsd.Tcltls,Eggdrop184.Install,Eggdrop.Nickserv,Wraith.Chroot,Openbsd.Wraith,Openbsd.Biblebot,Botnow.Install,Openbsd.Ircrelayd,Category.Perl,Openbsd.CPAN,Unix101.Unix101,Unix101.Wechall,C101.C101,Debate.WhyNotC,Almanack.C,C.Cprimer,Openbsd.Vi,Openbsd.Mg,Openbsd.Ed,Emacs.Emacs,Opensmtpd.Configure,Openbsd.Opensmtpd-relay,Openbsd.Opensmtpd-2,Openbsd.Mailopenproxy,Opensmtpd.Troubleshoot,Opensmtpd.Openrelay,Opensmtpd.Test,Rspamd.Configure,Opensmtpd.Inbox,Almanack.AdvancedMailServerSetup,Dovecot.Install,Mlmmj.Install,Mlmmj-archivist.Install,Mutt.Connect,Openbsd.Fdm,Openbsd.Newdisk,Fdisk.Usage,Openbsd.Disklabel,Openbsd.Growfs,Openbsd.Pkg,Openbsd.Ports,Pkgadd.CheckUpdates,Doas.Configure,Syspatch.Syspatch,Openbsd.Cron,Rcctl.Rcctl,Openbsd.Adduser,Openbsd.Localtime,Dd.Iso,Dd.Usage,Ln.Intro,Tmux.Config,Tmux.Share,Openbsd.XTerm,Openbsd.Backups,Openbsd.Dump,Openbsd.Restore,Openrsync.Usage,Rsync.Usage,Openbsd.Dmesg,Atactl.Usage,Almanack.DumpBackupWithSCP,Openbsd.Fstab,Newfs.Usage,Mount.Usage,Openbsd.Iplookup,Openbsd.Hier,Openbsd.Base64,Openbsd.Uim,Crontab.Edit,Ps.Usage,Kill.Usage,Vi.Intro,Cron.Suppressmail,Openbsd.Vipw,Tar.Usage,Openbsd.Rcctl,Syslogd.Configure,Syslogd.Remote,Openbsd.Panic,Openbsd.Sysctl,Swapctl.Usage,Ffs.Intro,Softraid.Install,Softraid.Rebuild,Disklabel.Usage,Disklabel.Partitioning,Ksh.Bash,Ksh.Redirection,Ksh.Autocomplete,Shell.Limits,Shell.Cronjobs,Openbsd.Outofmemory,Ln.Shell,Openbsd.Freeciv,Openbsd.Openttd,Olympics.Games,Chess.Reading,Chess.Chessgogi,Chess.Tournament,Chess.Limitsbot,Fics.Install,Fics.Admin,Math.Reading,Shelllabs.Intro,Shelllabs.Reading,Shelllabs.Quotes,Shelllabs.Manifesto,Camping.Gear,Openbsd.Minetest,Minetest.Addingarenas,Minetest.Serverlocations,Minetest.Texturestyle,Minetest.Updating,Minetest.Worldbackup,Texlive.Install,Texlive.Sinhala,Asterisk.Install,Sox.Concat,Openbsd.Ffmpeg,Parec.Record,Openbsd.Recordaudio,Ffmpeg.Recordscreen,Leafnode.Install,Webnews.Install,Gazette.Gazette,Openbsd.INN,Openbsd.Gopher,Openbsd.Gophernicus,Openbsd.Geomyidae,Bucky.Install,Prosody.Install,Biboumi.Install,Gomuks.Install,Akkoma.Install,Openbsd.Misc,ISCABBS.ISCABBS,Hosting.Hosting,Hosting.Providers,Hosting.Requirements,Openbsd.Security,Chroot.Intro,Password.Management,MITM.Intro,Openbsd.Phishing,Password.Hashes,Password.Schemes,Password.Words,Openbsd.Dos,Openbsd.Spam,Openbsd.0days,Openbsd.Rootkits,Pledge.Intro,Unveil.Intro,Openbsd.Databaseperms,Openbsd.Secureweb,Openbsd.Trust,Openbsd.Defaultdeny,Openbsd.Loginconf,Openbsd.Ids,Openbsd.Setuid,Openbsd.Sa,Openbsd.Quota,Openbsd.Shell,Police.Intro,Police.Fingerprints,Openbsd.FilePermissions,Openbsd.Oath-toolkit,Doxing.Defense,Team.Security,Sheriff.Intro,Openbsd.Xenodm,Xfce.Install,Fvwm.Configure,Xdefaults.Configure,Synclient.Configure,Cwm.Configure,TigerVNC.Install,TigerVNC.SSH,Wsconsctl.Usage,Fdroid.Install,9.9,9.Shell,9.Install,9.Partdisk,9.Plan9ini,9.Links,9.Shocase,9.Rcpu,9.Drawterm,9.JSDrawterm,9.101,9.Bootcamp,9.9paste,9.Independent,9.Cheatsheet,9.Sysupdate,9.Packages,Rio.Customize,9.Chording,9.Ssh,9.Netcat,9.9gridchan,9.Ideas,Cloud9p.Roadmap,9.9pideas,9.Audio,9.Irc,9.Date,9.Reading,9.Acmemail,9.Splinternet,9.FNS,9.PKI,9.IP,9.Why9,9.Inter9,9.Ramfs,Unix.Reading,BSD.Reading,Debate.Linuxflaws,Unix.Intro,Unix.History,Unix.Exhibit,SIMH.Install,Ircnow.Womenstem,Relays.Relays,Bots.Bots,Code.Code,Opsofliberty.Bootcamp,Civics.Intro,Ircnow.Projects,Vnc.Vnc,WikiTips.WikiTips,License.License,Ircnow.Ally,Ircnow.Victorycores,Ircnow.Opsofliberty,Ircnow.Pioneer,Ircnow.Codeforce,Ircnow.Explorer,Ircnow.Ranger,Ircnow.Settler,Ircnow.Sheriff,Ircnow.Servers,Codeforce.Training,Team.Team,Openbsd.Buyvm,Buyvm.Routedsubnet,Openbsd.Dkimproxy,Openbsd.Opensmtpd,Ircnow.Goals,Openbsd.Rbldns
-text=(:title Poor User's Almanack:)%0a%0aPoor User's illustrated, lessons for the young and old on industry, temperance, frugality, IRC & UNIX.%0a%0aTo administer a free and independent network run by the users themselves.%0a%0a!! IRC Chat Room%0a%0aHang out with us on our IRC training channel at [[ircs://irc.ircnow.org/#wheel|irc.ircnow.org/#wheel]].%0a%0a!! Mailing Lists%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Mailing Lists ||||||||||%0a|| [[lists/ircnow|IRCNow Mailing Lists]] ||||||||||%0a%0a!! Network News%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Training ||||||||||%0a|| [[minutemin/code|Code of Honor]] || [[minutemin/server|My Server]] || [[minutemin/duty|Call of Duty]] || [[minutemin/questions|Good Questions]] || ||%0a|| || [[Minutemin/Progress|Progress]] || [[medals/intro|Medals]] || || ||%0a|| [[team/welcome|Team]] || [[team/testing|Testing sysadmin]] || [[servers/rights|Servers' Rights]] || [[team/announce|Announce]] || [[team/federation]] ||%0a|| [[ircnow/dogfood|Dogfood]] || [[team/networks|IRC Networks]] || || || ||%0a|| [[congress/procedure|Congress Procedure]] || [[congress/documents|Historic Documents]] || [[ircnow/milestones|Milestones]] || || ||%0a|| [[ircnow/roadmap2021|IRCNow Roadmap 2021]] || [[ircnow/roadmap2022|IRCNow Roadmap 2022]] || [[ircnow/roadmap2023|IRCNow Roadmap 2023]] || [[ircnow/roadmap|IRCNow Roadmap]] || ||%0a|| [[ircnow/status2022|Status of the Union 2022]] || || || || ||%0a|| [[CodeForce/Deploy|Deployment Procedure]] || || || || ||%0a|| [[abuse/code|Abuse Code]] || || || || ||%0a|| [[ambassador/markets|Target Markets]] || [[ircnow/metrics|Metrics]] || [[ircnow/nsf|NSF]] || [[ircnow/newdeal|Digital New Deal]] || [[ircnow/daughtersofliberty|Daughters of Liberty]] ||%0a|| [[netizen/ellisisland|Ellis Island]] || || || || ||%0a%0a||! Civics ||||||||||%0a|| Netizenship || [[user/welcome|New User's Welcome]] || [[netizen/become|Become a Netizen]] || [[netizen/rights|Netizen Rights]] || ||%0a|| Independence || [[freedom/selfadmin|Self-Admin]] || [[Freedom/Independence|Declaration]] || [[freedom/fork|Freedom to Fork]] || [[ircnow/constitution|Constitution & Bill of Rights]] ||%0a|| Liberty || [[freedom/religion|Religious Liberty]] || [[freedom/firstamendment|No Central Censor]] || [[freedom/software|Software Freedom]] || [[freedom/privacy|Privacy]] ||%0a|| Opportunity || [[freedom/homestead|Homestead VPS]] || [[freedom/madeonirc|Made on IRC]] || [[freedom/unix|Unix Work Ethic]] || [[freedom/startupdream|The Startup Dream]] ||%0a|| Justice || [[freedom/openforeveryone|Open For Everyone]] || [[freedom/dueprocess|Due Process]] || [[freedom/checks|Checks and Balances]] || [[freedom/rulebylaw|Rule by Law]] ||%0a|| Union || [[freedom/federation|Federation]] || [[freedom/union|United We Serve]] || [[freedom/universal|Universal Access]] || [[freedom/radio|Radio Freedom]] ||%0a|| Education || [[ircnow/education|Higher Education]] || || || ||%0a%0a||! OpenBSD ||||||||||%0a|| OpenBSD || [[openbsd/intro|Intro]] || || || ||%0a|| Virtual Machines || [[vmm/configure|Configure VMM]] || [[vmm/install|VMM Install Guide]] || [[vmctl/usage|VMM User Guide]] || [[vmm/linux|VMM Linux Guide]] ||%0a|| || [[vmm/sysupgrade|Sysupgrade VMM]] || [[vmctl/disk|Vmm new disk]] || [[vmctl/reinstall|Reinstall OS]] || [[vmm/intro|VMM]] ||%0a|| || [[vmm/DebianIso|Debian ISO]] || [[Vmm/DebianInstall|Debian Install]] || || ||%0a|| || [[vmm/debian|VMM Debian Guide]] || [[vmm/optimize|Optimize VMM]] || [[vmm/ubuntu|VMM Ubuntu]] || ||%0a|| || [[vmm/DevuanIso|Devuan Iso]] || [[vmm/Devuan-ISO|Devuan install]] || || ||%0a|| || [[vmm/alpine|VMM Alpine Guide]] || [[vmm/arch|VMM Arch Guide]] || || ||%0a|| [[vmm/plan9|VMM Plan 9]] || || || || ||%0a|| [[vmm/router|vmm router]] || [[vmm/homerouter|VMM home router]] || [[ipmi/java|IPMI Java]] || || ||%0a|| Bare Metal || Dell || Supermicro || [[openbsd/BBB|BeagleBone Black]] || [[openbsd/orangepi3lts|Orange Pi 3 LTS]] ||%0a|| Upgrade || [[openbsd/upgrade67|OpenBSD 6.7 Upgrade]] || [[openbsd/upgrade68|OpenBSD 6.8 Upgrade]] || [[openbsd/upgrade69|OpenBSD 6.9 Upgrade]] || [[openbsd/upgrade74|OpenBSD 7.4 Upgrade]] ||%0a|| || [[openbsd/upgrade75|OpenBSD 7.5 Upgrade]] || || || ||%0a|| Sysupgrade || [[openbsd/sysupgrade68|OpenBSD 6.8 Sysupgrade]] || [[openbsd/sysupgrade69|OpenBSD 6.9 Sysupgrade]] || [[openbsd/sysupgrade70|OpenBSD 7.0 Sysupgrade]] || [[openbsd/sysupgrade71|OpenBSD 7.1 Sysupgrade]] ||%0a|| || [[openbsd/sysupgrade72|OpenBSD 7.2 Sysupgrade]] || [[openbsd/sysupgrade73|OpenBSD 7.3 Sysupgrade]] || [[openbsd/sysupgrade74|OpenBSD 7.4 Sysupgrade]] || [[openbsd/sysupgrade75|OpenBSD 7.5 Sysupgrade]] ||%0a|| || [[openbsd/sysupgrade|OpenBSD Sysupgrade]] || || || ||%0a|| Install || [[openbsd/install67|OpenBSD 6.7 Install]] || [[openbsd/install68|OpenBSD 6.8 Install]] || [[openbsd/install69|OpenBSD 6.9 Install]] || [[openbsd/install70|OpenBSD 7.0 Install]] ||%0a|| || [[openbsd/install71|OpenBSD 7.1 Install]] || [[openbsd/install73|OpenBSD 7.3 Install]] || [[openbsd/install74|OpenBSD 7.4 Install]] || [[openbsd/install75|OpenBSD 7.5 Install]] ||%0a|| [[openbsd/install|OpenBSD Install]] || [[openbsd/bsdrd|OpenBSD Ramdisk Install]] || [[OpenBSD/OnOVH|Install OpenBSD on a OVH VPS]] || || ||%0a|| || [[openbsd/bootconf|boot.conf]] || || || ||%0a|| || [[OpenBSD/ResetPassword]] || [[Openbsd/Singleuser|Single User Mode]] || [[openbsd/books|OpenBSD Books]] || ||%0a%0a(:if false:)%0a|| Philosophy || [[license/publicdomain|License]] || [[gpl/flaws|GPL flaws]] || [[bsd/hope|BSD Hope]] || [[bsd/labor|BSD Labor]] || ||%0a|| || [[license/Discriminatory]] || || || ||%0a(:ifend:)%0a%0a%0a||! Networking ||||||||||%0a|| [[tcpip/overview|TCP/IP]] || [[IPv4/overview|IPv4]] || [[IPv6/overview|IPv6]] || [[tcpip/sockets|sockets]] || [[ip/netmask|Netmasks]] ||%0a|| [[tcpip/ports|TCP/IP ports]] || [[buyvm/ipv6|BuyVM IPv6]] || || || ||%0a|| || [[openbsd/anycast|Anycast Addresses]] || || || ||%0a|| Configure || [[hostnameif/static|Static Networking]] || [[hostnameif/static-v2|Static Networking v2]] || [[ifconfig/change|Change Static Network]] || [[IP/myaddress|My IP address]] ||%0a|| || [[ifconfig|ifconfig]] || [[route/usage|route]] || || [[openbsd/wifi|wifi]] ||%0a|| || [[resolv/conf|Resolv.conf]] || [[hostname/usage|Hostname]] || [[route/hostnameif|Add route to hostname.if]] || ||%0a|| || [[dhcpd/configure|dhcpd]] || [[openbsd/npppd|npppd]] || [[openbsd/pppoe|pppoe]] || [[ntpd/configure|ntpd]] ||%0a|| || [[dhclient/configure|dhclient]] || [[route/sourceaddr|Source address]] || || ||%0a|| || [[ifconfig/wifitoethernet|WiFi to Ethernet]] || [[gre/6in4|6-in-4 GRE]] || [[gre/6in4nat|6-in-4 GRE (with NAT)]] || ||%0a%0a||! Firewall ||||||||||%0a|| [[openbsd/pf|Packet Filter]] || [[pf/guide|PF Guide]] || [[openbsd/PFStable|PF for Stable]] || [[openbsd/PFTesting|PF for Testing]] || [[openbsd/pfbadhost|pfbadhost]] ||%0a|| [[pf/vpn|PF for VPN]] || [[pf/bittorrent|Blocking Torrents]] || || ||%0a|| [[ddos/intro|DDoS Defense]] || [[openbsd/SSDP|SSDP attack]] || [[openbsd/ACKFlood|TCP ack flood]] || [[openbsd/RSTFlood|TCP reset flood]] || [[openbsd/SYNFlood|SYN Flood]] ||%0a|| || [[openbsd/HTTPFlood|HTTP Flood]] || [[openbsd/NTPAmplification|NTP Amplification]] || [[openbsd/UDPFlood|UDP Flood]] || [[openbsd/amplification|amplification attack]] ||%0a||! Troubleshooting ||||||||||%0a|| Network Layer || [[openbsd/ping|ping]] || [[openbsd/tcpdump|tcpdump]] || || ||%0a|| || [[netcat/usage|netcat]] || [[netcat/irc|netcat IRC]] || [[netcat/http|netcat HTTP]] || [[netcat/SMTP|send mail with netcat]] ||%0a|| Application || [[telnet/http|Telnet HTTP]] || [[openssl/http|OpenSSL HTTP]] || [[openssl/imap|OpenSSL IMAP]] || [[openssl/smtp|OpenSSL SMTP]] ||%0a|| || [[openssl/check|Check OpenSSL certs]] || [[openssl/encryptfile|openssl encrypt file]] || || ||%0a%0a||! Routing ||||||||||%0a|| [[bgpd/configure|bgpd configuration]] ||||||||||%0a%0a||! DNS ||||||||||%0a|| [[dns/overview|DNS Overview]] || [[dns/records|DNS Records]] || [[dns/FQDN|FQDN]] || [[dns/registrars|Name Registrars]] || [[dns/vhost|vhost]] ||%0a|| || [[vhost/freedns|FreeDNS vhosts]] || [[vhost/ircnow|IRCNow vhosts]] || || ||%0a||! Authoritative ||||||||||%0a|| [[nsd/configure|nsd]] || [[nsd/masterslave|nsd master slave]] || [[nsd/troubleshoot|Troubleshoot Nsd]] || [[DNS/rDNS|rDNS]] || [[dns/zonefile|Zone File]] ||%0a|| || [[nsd/zone|NSD Zone file]] || [[dns/Troubleshooting|Troubleshooting DNS]] || || ||%0a|| [[openbsd/delphinusdnsd|delphinusdnsd]] || || || || ||%0a|| [[DNS/Mail|DNS for Mail]] || [[DNS/SPF|SPF Records]] || [[DNS/DKIM|DKIM Records]] || [[DNS/DMARC|DMARC Records]] || [[DNS/MTA-STS|MTA-STS records]] ||%0a|| [[DNS/ipv6rDNS|ipv6 rDNS]] || [[DNS/ipv4rDNS|ipv4 rDNS]] || || || ||%0a||! Caching ||||||||||%0a|| [[unbound/configure|unbound]] || [[host/usage|Using host]] || [[dig/usage|Using dig]] || [[openbsd/unboundadblock|unbound adblock]] || ||%0a|| [[unbound/blacklists|DNS Blacklists]] || [[rbldnsd/install|rbldns]] || [[dns/bind_resolver|BIND resolver]] || [[Unbound/LAN|unbound]] ||%0a|| [[unbound/DNSSEC|Unbound DNSSEC]] || || || || ||%0a%0a||! Cryptography ||||||||||%0a||! Signing ||||||||||%0a|| [[gpg/verify|Verify GPG signatures]] || netpgp || [[signify/verify|Verify signify]] || || ||%0a||! Encryption ||||||||||%0a|| [[duplicity/usage|duplicity]] || || || || ||%0a||! VPNs ||||||||||%0a|| IPSec || [[iked/configure|Configure iked]] || [[vpn/vpn|VPN clients]] || [[iked/newconfig|iked new config]] || [[vpn/myipaddress|My IP Address]] ||%0a|| [[iked/sitetosite|Site-to-site VPN]] ||||||||||%0a||! Tor ||||||||||%0a|| Tor || [[tor/torsocks|torsocks]] || [[tor/hidden|Hidden Services]] || [[tor/irc|IRC with Tor]] || ||%0a||! TLS ||||||||||%0a|| [[tls/overview|TLS Overview]] || [[tls/intro|TLS Intro]] || [[tls/CA|Certificate Authorities]] || || ||%0a|| [[acme-client/configure|acme-client]] || [[acme-client/cron|Automating acme-client]] || [[relayd/acceleration|relayd TLS Acceleration]] || [[relayd/TLSMulti|relayd TLS Acceleration Multi]] || [[letsencrypt/expired|Let's Encrypt Expired Cert]] ||%0a|| [[acme-client/AutoRenew|acme-client Automation]] || [[Dehydrated/configure|Dehydrated Setup]] || [[Acmesh/configure|Acme.sh Setup]] ||%0a||! SSH ||||||||||%0a|| || [[sshd/configure|sshd]] || [[ssh/client|ssh]] || [[ssh/fingerprints|SSH keys]] || [[openbsd/sshbackdoor|SSH backdoor]] ||%0a|| [[sshd/disablepassword|Disable Password]] || [[OpenSSH/keygen|Creating ssh keys]] || [[openssh/skey|OpenSSH 2FA with S/key]] || [[openssh/totp|OpenSSH 2FA with TOTP]] || ||%0a|| [[openbsd/Two-FactorAuth]] || [[openbsd/drawtermssh|SSH Drawterm]] || || || ||%0a||! File Transfer ||||||||||%0a|| sftp || [[openbsd/sftp|chrooted sftp]] || || || ||%0a|| ftpd || [[ftpd/configure|FTP server]] || || || ||%0a|| torrent || [[torrent/configure|bittorrent server]] || || || ||%0a%0a||! Version Control ||||||||||%0a|| CVS || [[cvs/anoncvs|anoncvs]] || [[cvs/intro|CVS intro]] || [[cvs/cvsweb|cvsweb]] || ||%0a|| || [[cvs/repo|Create CVS Repos]] || [[cvs/guide|CVS Guide]] || || ||%0a|| pastebin || [[paster/install|Install paster]] || [[fiche/install|Install fiche]] || || ||%0a%0a||! [[openbsd/www|Web]] ||||||||||%0a|| [[openhttpd/configure|OpenHTTPd]] || [[openhttpd/hosting|OpenHTTPd Hosting]] || [[openbsd/httpopenproxy|HTTP open proxies]] || [[openhttpd/perl|Perl for OpenHTTPd]] || [[openbsd/php|php]] ||%0a|| [[openhttpd/tls|OpenHTTPd TLS]] || [[openhttpd/website|OpenHTTPd website]] || [[openhttpd/CGI|OpenHTTPd with C CGI]] || [[openhttpd/chroot|OpenHTTPd chroot]] || ||%0a||! Applications ||||||||||%0a|| PHP || [[pmwiki/install|pmwiki]] || [[pmwiki/simpleurl|simpleurl]] || [[pmwiki/replace|Replace Pmwiki]] || [[debate/wikistyle|Pmwiki Style Guide]] ||%0a|| || [[ikiwiki/install|Ikiwiki]] || [[openbsd/dokuwiki|dokuwiki]] || || ||%0a|| || [[squirrelmail/install|SquirrelMail]] || [[roundcube/install|Install RoundCube]] || [[wordpress/install|Wordpress]] || ||%0a|| || [[openbsd/oscommerce|OSCommerce]] || [[openbsd/cumulusclips|cumulus clips]] || [[openbsd/fluxbb|fluxbb]] || [[openbsd/question2answer|Question2Answer]] ||%0a|| || [[openbsd/h5ai|h5ai]] || [[openbsd/manna]] || [[openbsd/easyapp|EasyApp]] || ||%0a|| [[NodeJS/Install|NodeJS]] || || || || ||%0a|| C || [[openbsd/cgit|cgit]] || [[stagit/install|stagit]] || || ||%0a|| [[got/repo|Got repo]] || [[gotweb/install|gotweb]] || [[got/usage|Using Got]] || [[got/server|got server]] || [[got/mirror|Got mirror]] ||%0a||! Database ||||||||||%0a|| [[Mariadb/install|Mariadb]] ||||||||||%0a%0a||! IRC ||||||||||%0a||! IRC Guides ||||||||||%0a|| IRC || [[irc/guide|IRC101]] || [[irc/chanop|Channel Op Guide]] || [[ngircd/oper|Oper Guide]] || [[irc/services|Services Guide]] ||%0a|| || [[irc/clients|IRC Clients]] || [[irc/easy|IRC made easy]] || ||%0a|| [[HostServ/Rules|HostServ Rules]] || || || || ||%0a|| || [[unrealircd/install|unrealircd]] || [[thelounge Webirc client]] || || ||%0a||! Bouncers ||||||||||%0a|| [[Znc/Install|Install ZNC]] || [[znc/chroot|Install ZNC (chroot)]] || [[ZNC/Admin|ZNC admin]] || [[ZNC/Support|ZNC Support]] || [[openbsd/ZNCModules|ZNC modules]] ||%0a|| [[Znc/Patch|ZNC Patch]] || [[znc/usage|Using ZNC]] || [[znc/relayd|ZNC webpanel (relayd)]] || || ||%0a|| || [[Znc/I18n|ZNC I18n]] || [[ZNC/Troubleshoot|Troubleshoot ZNC]] || || [[znc/debug|Debugging ZNC]] ||%0a|| [[debate/zncdefense|ZNC Defense]] || [[debate/zncflaws|ZNC Flaws]] || || || ||%0a|| [[Soju/Install|Install Soju (with and without chroot)]] ||%0a|| PsyBNC || [[psybnc/install|psybnc]] || || || ||%0a|| BNCs || [[openbsd/ilines|old ilines]] || [[ambassador/ilines|new ilines]] || || ||%0a|| IRCv3 || [[Debate/Ircv3defense|IRCv3 Defense]] || || || ||%0a||! Ident ||||||||||%0a|| Ident || [[identd/configure|identd]] || [[oidentd/install|oidentd install]] || [[oidentd/ZNC|oidentd for znc]] || [[oidentd/changeident|Changing ident]] ||%0a||! Clients ||||||||||%0a|| [[openbsd/ii|ii]] || [[openbsd/sic|sic]] || || || ||%0a||! Servers ||||||||||%0a|| [[ngircd/install|ngircd install]] || [[ngircd/link|ngircd link]] || [[ngircd/ssl|ngircd ssl]] || [[ngircd/sins|ngircd sins]] || [[ngircd/loginconf|Ngircd Login.conf]] ||%0a|| [[hopm/install|hopm]] || [[openbsd/acopm|acopm]] || || [[hopm/telnet|Test hopm]] || ||%0a|| [[Openbsd/Hopm-NowWithInit|HOPM: Now With Init (Advanced-ish)]] || [[hunchentoot/install | Hunchentoot]] ||%0a||! Services ||||||||||%0a|| [[achurch/install|achurch]] || [[anope/install|anope]] || [[atheme/install|atheme]] || || ||%0a||! Relays ||||||||||%0a|| [[pylink/install|pylink]] || [[pylink/chroot|chroot pylink]] || [[bitlbee/install|bitlbee install]] || [[openbsd/matterbridge|matterbridge]] || ||%0a||! Bots ||||||||||%0a|| Eggdrop || [[eggdrop193/install|Install eggdrop 1.9.3]] || [[eggdrop191/install|Install eggdrop 1.9.1]] || [[openbsd/tcltls|tcltls]] || [[eggdrop184/install|Install eggdrop 1.8.4]] ||%0a|| || [[eggdrop/nickserv|Identify with NickServ]] || || || ||%0a|| Channel || [[wraith.chroot|chroot wraith]] || [[openbsd/wraith|install wraith]] || || ||%0a|| Custom || [[openbsd/biblebot|biblebot]] || [[botnow/install|botnow]] || [[openbsd/ircrelayd|ircrelayd]] || ||%0a%0a||! Languages ||||||||||%0a|| [[Category/Perl|Perl]] || [[openbsd/CPAN|CPAN]] || || || ||%0a|| Korn || [[unix101/unix101|unix101]] || [[unix101/wechall|unix101 challenge]] || || ||%0a|| C || [[c101/c101|c101]] || [[debate/WhyNotC|Why Not C]] || [[C|intro]] || [[C/cprimer|c-primer]] ||%0a%0a||! Editors ||||||||||%0a|| [[emacs/emacs]] || [[openbsd/vi|vi]] || [[openbsd/mg|mg]] || [[openbsd/ed|ed]] || ||%0a%0a||! Mail ||||||||||%0a|| OpenSMTPd || [[opensmtpd/configure|opensmtpd]] || [[openbsd/opensmtpd-relay|opensmtpd relay]] || [[openbsd/opensmtpd-2|opensmtpd-2]] || [[openbsd/mailopenproxy|Mail Open Proxy]] ||%0a|| || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] || ||%0a|| [[DNS/Mail|DNS for Mail]] || [[DNS/SPF|SPF Records]] || [[DNS/DKIM|DKIM Records]] || [[DNS/DMARC|DMARC Records]] || ||%0a|| || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server Setup]] || ||%0a|| Mail || [[dovecot/install|dovecot]] || [[mlmmj/install|mlmmj]] || [[mlmmj-archivist/install|mlmmj-archivist]] || ||%0a|| Clients || || [[Mutt.Connect|mutt]] || [[openbsd/fdm|fdm]] || ||%0a%0a||! System Admin ||||||||||%0a|| Disks || [[openbsd/newdisk|Adding a New Disk]] || [[fdisk/usage|fdisk]] || [[openbsd/disklabel|disklabel]] || [[openbsd/growfs|Growfs partition]] ||%0a|| [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || ||%0a|| Utilities || [[doas/configure|sudo, doas]] || [[syspatch/syspatch|syspatch]] || [[openbsd/cron|cron]] || [[rcctl/rcctl|rcctl]] ||%0a|| || [[openbsd/adduser|adduser]] || [[openbsd/localtime|Date and Time]] || [[dd/iso|Flashing USB Image]] || [[dd/usage|dd]] ||%0a|| || [[ln/intro|symbolic links]] || [[tmux/config|tmux Config]] || [[tmux/share|tmux share]] || [[openbsd/XTerm|XTerm]] ||%0a|| [[openbsd/backups|Backups]] || [[openbsd/dump|dump]] || [[openbsd/restore|restore]] || [[openrsync/usage|openrsync]] || [[rsync/usage|rsync usage]] ||%0a|| [[fdisk/usage|fdisk]] || [[Dump Backup With SCP ]] || [[openbsd/fstab]] || [[openbsd/dmesg|dmesg]] || [[atactl/usage|atactl]] ||%0a|| || [[newfs/usage|newfs]] || [[mount/usage|mount]] || || ||%0a|| [[openbsd/iplookup|iplookup]] || [[openbsd/hier|Filesystem hierarchy]] || || [[openbsd/base64|base64]] || [[openbsd/uim|Chinese]] ||%0a|| [[crontab/edit|Editing crontab]] || [[ps/usage|ps process]] || [[kill/usage|Sending signals with kill]] || [[vi/intro|Intro to Vi]] || [[cron/suppressmail|Suppress cron emails]] ||%0a|| [[openbsd/vipw|vipw]] || [[tar/usage|tar usage]] || [[openbsd/rcctl|rcctl]] || [[syslogd/configure|syslogd]] || [[syslogd/remote|Remote syslogd]] ||%0a|| || [[openbsd/panic|kernel panic]] || [[openbsd/sysctl|sysctl]] || [[swapctl/usage|swapctl]] || ||%0a|| || [[ffs/intro|Fast Filesystem]] || [[softraid/install|Install OpenBSD with Softraid]] || [[softraid/rebuild|Rebuilding Softraid]] ||%0a|| || [[disklabel/usage|disklabel]] || [[disklabel/partitioning|Disklabel Partitioning]] || || ||%0a%0a||! Shell ||||||||||%0a|| [[ksh/bash|ksh for bash users]] || [[ksh/redirection|Redirection with Pipes]] || [[ksh/autocomplete|autocomplete for ksh]] || [[shell/limits|Shell Limits]] || [[shell/cronjobs]] ||%0a|| [[openbsd/outofmemory|Out Of Memory]] || [[ln/shell|Symlinks for shells]] || || ||%0a%0a||! Games ||||||||||%0a|| Misc || [[openbsd/freeciv|FreeCiv]] || [[openbsd/openttd|OpenTTD]] || || ||%0a|| Olympics || [[olympics/games|IRCNow Olympics]] || || || ||%0a|| Chess || [[chess/reading|Chess Books]] || [[chess/chessgogi]] || [[chess/tournament]] || [[chess/limitsbot]] ||%0a|| || [[fics/install|Install FICS]] || [[fics/admin|Admin FICS]] || || ||%0a%0a||! Math ||||||||%0a|| [[math/reading]] || || || ||%0a%0a||! Science ||||||||%0a|| [[shelllabs/intro|Shell Labs]] || [[shelllabs/reading]] || [[shelllabs/quotes]] || [[shelllabs/manifesto]] ||%0a%0a||! Camping ||||||||||%0a|| [[Camping/Gear|Camping Gear]] || || || || ||%0a%0a||! Minetest ||||||||||%0a|| [[openbsd/minetest|Minetest]] || || || || ||%0a|| [[minetest/addingarenas|Adding Arenas]] || [[minetest/serverlocations|Server Locations]] || [[minetest/texturestyle|Texture Style Guide]] || [[minetest/updating|Updating the Game]] || [[minetest/worldbackup|World Backup]] ||%0a%0a||! Documents ||||||||||%0a|| LaTeX || [[texlive/install|TexLive]] || [[texlive/sinhala|Sinhala]] || || ||%0a%0a||! Audio/Video ||||||||||%0a|| SIP || [[asterisk/install|asterisk]] || || || ||%0a|| Media || ImageMagick || vorbis || sndiod || [[sox/concat|concat audio files]] ||%0a|| || [[openbsd/ffmpeg|ffmpeg]] || [[parec/record|record audio]] || [[openbsd/recordaudio|Record Audio]] || [[ffmpeg/recordscreen|record screen with ffmpeg]] ||%0a|| || icecast || || || ||%0a%0a%0a||! News ||||||||||%0a|| [[leafnode/install|leafnode]] || [[webnews/install|Web News Install]] || [[Gazette/Gazette|News clients]] || [[openbsd/INN|INN]] || ||%0a||! Gopher ||||||||||%0a|| [[openbsd/gopher|gopher]] || [[openbsd/gophernicus|gophernicus]] || [[openbsd/geomyidae|geomyidae]] || [[bucky/install|Bucky Install]] || ||%0a||! Alt Social Media ||||||||||%0a|| [[prosody/install|prosody]] || [[biboumi/install|biboumi]] || matrix || fediverse || [[gomuks/install|gomuks]] ||%0a|| [[akkoma/install|akkoma]] ||||||||||%0a||! [[openbsd/misc|Misc]] ||||||||||%0a|| [[ISCABBS]] || || || || ||%0a%0a||! [[hosting/hosting|Hosting]] ||||||||||%0a|| [[hosting/providers|Hosting Providers]] || [[openhttpd/hosting|OpenHTTPd Hosting]] || [[hosting/requirements|Hosting Requirements]] || || ||%0a%0a||! [[openbsd/security|Security]] ||||||||||%0a|| Hardening || [[chroot/intro|chroot]] || [[Password/Management|Password Mgmt]] \\%0a[[Password.hashes]] || [[MITM/intro|MITM: Man in the Middle]] || [[openbsd/phishing|Phishing]] ||%0a|| || [[Password/Schemes|Password Schemes]] || [[Password/Words|Passwords with Words]] || || || ||%0a|| [[openbsd/dos|Denial of Service]] || [[openbsd/spam|Spam]] || [[openbsd/0days|0days]] || [[openbsd/rootkits|Rootkits]] || [[pledge/intro|pledge]] ||%0a|| [[unveil/intro|unveil]] || [[openbsd/databaseperms|Database Permissions]] || [[openbsd/secureweb|Secure web apps]] || [[openbsd/trust|Trust]] || [[openbsd/defaultdeny|Default Deny]] ||%0a|| [[openbsd/loginconf|login.conf]] || [[openbsd/ids|Intrusion detection system]] || [[openbsd/setuid|setuid binaries]] || [[openbsd/sa|system accounting]] || [[openbsd/quota|file quotas]] ||%0a|| [[openbsd/File Permissions]] || [[openbsd/shell|Shell Accounts]] || [[police/intro|Policing Guide]] || [[police/fingerprints|Police fingerprints]] ||%0a|| [[openbsd/oath-toolkit|oath-toolkit]] || [[doxing/defense|doxing defense]] || [[team/security|Team security]] ||%0a%0a||! Sheriff ||||||||||%0a|| [[sheriff/intro]] || || || || ||%0a%0a||! Desktop ||||||||||%0a|| X Windows || [[openbsd/Xenodm|Xenodm]] || || || ||%0a|| XFCE || [[xfce/install|Install XFCE]] || || || ||%0a|| FVWM || [[fvwm/configure|Configure FVWM]] || [[Xdefaults/Configure|Configure XDefaults]] || [[synclient/configure|Touchpad]] || [[cwm/configure|Configure cwm]] ||%0a|| VNC || [[TigerVNC/install|Install TigerVNC]] || [[TigerVNC/SSH|TigerVNC with SSH]] || || ||%0a|| || [[wsconsctl/usage|wsconsctl]] || || || ||%0a%0a||! Android ||||||||||%0a|| [[Fdroid/Install|Install F-Droid]] || || || || ||%0a%0a||! VMM ||%0a|| OpenBSD ||%0a|| Linux ||%0a|| Plan9 ||%0a%0a||! Plan 9 ||||||||||%0a|| [[9/9|9 intro]] || [[9/Shell|Plan9 Shells]] || [[9/install|9 Install]] || [[9/partdisk|partdisk]] || [[9/Plan9ini|Plan 9 ini]] ||%0a|| [[9/Drawterm]] || [[9/JSDrawterm]] || [[9/Links|9 Links]] || [[9/shocase|9 Showcase]] || [[9/rcpu|rcpu]] ||%0a|| [[9/101|9 101]] || [[9/bootcamp|9 bootcamp]] || [[9/9paste|9paste]] || [[9/independent|9: Independent]] || [[9/cheatsheet|9 Cheatsheet]] ||%0a|| [[9/sysupdate|sysupdate]] || [[9/packages|3rd party packages]] || [[9/ssh]] || [[rio/customize|Customize rio]] || [[9/chording|mouse chording]]%0a|| [[9/netcat|netcat]] || [[9/9gridchan|9gridchan]] || [[9/ideas|9 Ideas]] || [[cloud9p/roadmap|cloud9p]] || [[9/9pideas|9p Ideas]] ||%0a|| [[9/audio|audio]] || [[9/irc|IRC clients]] || [[9/reading]] || [[9/date|Date and time]] || [[9/acmemail]] ||%0a|| [[9/splinternet]] || [[9/FNS]] || [[9/PKI]] || [[9/IP]] || [[9/Why9]] ||%0a|| [[9/inter9]] || [[9/ramfs]] || || || ||%0a%0a||! Books ||||||||||%0a|| [[linux/reading/Linux Reading]] || [[unix/reading|Unix Reading]] || [[BSD/reading|BSD Reading]] ||%0a%0a||! Linux ||||||||||%0a|| || [[Debate/Linuxflaws|Linux Flaws]] || || || ||%0a%0a||! [[unix/intro|Unix]] ||||||||||||||%0a|| [[unix/history|History of UNIX]] || [[unix/exhibit|Exhibit]] || [[unix/reading|Unix Reading]] || [[SIMH/install]] ||||%0a%0a|| Idea Brainstorm ||||||||||%0a|| [[netizen/ellisisland]] || [[ircnow/newdeal]] || [[ircnow/womenstem]] || || ||%0a%0a||! Work in Progress Ideas ||||||||||%0a|| [[relays/relays|Union Relays]] || [[bots/bots|IRC Bots]] || [[hosting/hosting|Log Cabin Hosting]] || [[gazette/gazette|Gazette News]] || [[code/code|Code Armory]] ||%0a|| [[opsofliberty/bootcamp|Ops Bootcamp]] || [[shelllabs/intro|Shell Labs]] || [[civics/intro|Civics Intro]] || [[ircnow/projects|Software Projects]] || [[vnc/vnc|Screenshare]] ||%0a|| [[vpn/vpn|Patriot VPNs]] || [[netizen/become|Netizenship]] || [[WikiTips.WikiTips|Wiki Tips]] || [[license/license|Licenses]] || [[ircnow/ally|Ally Networks]] ||%0a|| [[Ircnow/victorycores|Victory Cores - Donate a Core]] || || || || ||%0a|| [[ircnow/opsofliberty|Ops of Liberty]] || [[ircnow/pioneer|Pioneer]] || [[ircnow/codeforce|CodeForce]] || [[ircnow/Ally|Ally]] || [[ircnow/explorer|Explorer]] ||%0a|| [[ircnow/ranger|Ranger]] || [[ircnow/settler|Settler]] || [[ircnow/Sheriff|Sheriff]] || [[ircnow/servers|ircnow servers]] || [[codeforce/training|Code Force]] ||%0a%0a||! Team ||||||||||%0a|| [[team/team|Team docs]] || [[openbsd/buyvm|Buyvm Guide]] || [[buyvm/routedsubnet|BuyVM Routed Subnet]] || || ||%0a%0a||! Historical Articles ||||||||||%0a|| [[openbsd/dkimproxy|dkimproxy]] || [[openbsd/opensmtpd|OpenSMTPd]] || [[openbsd/rbldns]] || [[opsofliberty/bootcamp|Ops Bootcamp]] || [[ircnow/goals|IRCNow goals]] ||%0a
-time=1731470919
+rev=618
+targets=Lists.Ircnow,Minutemin.Code,Minutemin.Server,Minutemin.Duty,Minutemin.Questions,Minutemin.Progress,Medals.Intro,Team.Welcome,Team.Testing,Servers.Rights,Team.Announce,Team.Federation,Ircnow.Dogfood,Team.Networks,Congress.Procedure,Congress.Documents,Ircnow.Milestones,Ircnow.Roadmap2021,Ircnow.Roadmap2022,Ircnow.Roadmap2023,Ircnow.Roadmap,Ircnow.Status2022,CodeForce.Deploy,Abuse.Code,Ambassador.Markets,Ircnow.Metrics,Ircnow.Nsf,Ircnow.Newdeal,Ircnow.Daughtersofliberty,Netizen.Ellisisland,User.Welcome,Netizen.Become,Netizen.Rights,Freedom.Selfadmin,Freedom.Independence,Freedom.Fork,Ircnow.Constitution,Freedom.Religion,Freedom.Firstamendment,Freedom.Software,Freedom.Privacy,Freedom.Homestead,Freedom.Madeonirc,Freedom.Unix,Freedom.Startupdream,Freedom.Openforeveryone,Freedom.Dueprocess,Freedom.Checks,Freedom.Rulebylaw,Freedom.Federation,Freedom.Union,Freedom.Universal,Freedom.Radio,Ircnow.Education,Openbsd.Intro,Vmm.Configure,Vmm.Install,Vmctl.Usage,Vmm.Linux,Vmm.Sysupgrade,Vmctl.Disk,Vmctl.Reinstall,Vmm.Intro,Vmm.DebianIso,Vmm.DebianInstall,Vmm.Debian,Vmm.Optimize,Vmm.Ubuntu,Vmm.DevuanIso,Vmm.Devuan-ISO,Vmm.Alpine,Vmm.Arch,Vmm.Plan9,Vmm.Router,Vmm.Homerouter,Ipmi.Java,Openbsd.BBB,Openbsd.Orangepi3lts,Openbsd.Upgrade67,Openbsd.Upgrade68,Openbsd.Upgrade69,Openbsd.Upgrade74,Openbsd.Upgrade75,Openbsd.Sysupgrade68,Openbsd.Sysupgrade69,Openbsd.Sysupgrade70,Openbsd.Sysupgrade71,Openbsd.Sysupgrade72,Openbsd.Sysupgrade73,Openbsd.Sysupgrade74,Openbsd.Sysupgrade75,Openbsd.Sysupgrade,Openbsd.Install67,Openbsd.Install68,Openbsd.Install69,Openbsd.Install70,Openbsd.Install71,Openbsd.Install73,Openbsd.Install74,Openbsd.Install75,Openbsd.Install,Openbsd.Bsdrd,OpenBSD.OnOVH,Openbsd.Bootconf,Openbsd.Singleuser,Openbsd.Books,OpenBSD.ResetPassword,License.Publicdomain,Gpl.Flaws,Bsd.Hope,Bsd.Labor,License.Discriminatory,Tcpip.Overview,IPv4.Overview,IPv6.Overview,Tcpip.Sockets,Ip.Netmask,Tcpip.Ports,Buyvm.Ipv6,Openbsd.Anycast,Hostnameif.Static,Hostnameif.Static-v2,Ifconfig.Change,IP.Myaddress,Almanack.Ifconfig,Route.Usage,Openbsd.Wifi,Resolv.Conf,Hostname.Usage,Route.Hostnameif,Dhcpd.Configure,Openbsd.Npppd,Openbsd.Pppoe,Ntpd.Configure,Dhclient.Configure,Route.Sourceaddr,Ifconfig.Wifitoethernet,Gre.6in4,Gre.6in4nat,Openbsd.Pf,Pf.Guide,Openbsd.PFStable,Openbsd.PFTesting,Openbsd.Pfbadhost,Pf.Vpn,Pf.Bittorrent,Ddos.Intro,Openbsd.SSDP,Openbsd.ACKFlood,Openbsd.RSTFlood,Openbsd.SYNFlood,Openbsd.HTTPFlood,Openbsd.NTPAmplification,Openbsd.UDPFlood,Openbsd.Amplification,Openbsd.Ping,Openbsd.Tcpdump,Netcat.Usage,Netcat.Irc,Netcat.Http,Netcat.SMTP,Telnet.Http,Openssl.Http,Openssl.Imap,Openssl.Smtp,Openssl.Check,Openssl.Encryptfile,Bgpd.Configure,Dns.Overview,Dns.Records,Dns.FQDN,Dns.Registrars,Dns.Vhost,Vhost.Freedns,Vhost.Ircnow,Nsd.Configure,Nsd.Masterslave,Nsd.Troubleshoot,DNS.RDNS,Dns.Zonefile,Nsd.Zone,Dns.Troubleshooting,Openbsd.Delphinusdnsd,DNS.Mail,DNS.SPF,DNS.DKIM,DNS.DMARC,DNS.MTA-STS,DNS.Ipv6rDNS,DNS.Ipv4rDNS,Unbound.Configure,Host.Usage,Dig.Usage,Openbsd.Unboundadblock,Unbound.Blacklists,Rbldnsd.Install,Dns.BindResolver,Unbound.LAN,Unbound.DNSSEC,Gpg.Verify,Signify.Verify,Duplicity.Usage,Iked.Configure,Vpn.Vpn,Iked.Newconfig,Vpn.Myipaddress,Iked.Sitetosite,Tor.Torsocks,Tor.Hidden,Tor.Irc,Tls.Overview,Tls.Intro,Tls.CA,Acme-client.Configure,Acme-client.Cron,Relayd.Acceleration,Relayd.TLSMulti,Letsencrypt.Expired,Acme-client.AutoRenew,Dehydrated.Configure,Acmesh.Configure,Sshd.Configure,Ssh.Client,Ssh.Fingerprints,Openbsd.Sshbackdoor,Sshd.Disablepassword,OpenSSH.Keygen,Openssh.Skey,Openssh.Totp,Openbsd.Drawtermssh,Openbsd.Two-FactorAuth,Openbsd.Sftp,Ftpd.Configure,Torrent.Configure,Cvs.Anoncvs,Cvs.Intro,Cvs.Cvsweb,Cvs.Repo,Cvs.Guide,Paster.Install,Fiche.Install,Openbsd.Www,Openhttpd.Configure,Openhttpd.Hosting,Openbsd.Httpopenproxy,Openhttpd.Perl,Openbsd.Php,Openhttpd.Tls,Openhttpd.Website,Openhttpd.CGI,Openhttpd.Chroot,Pmwiki.Install,Pmwiki.Simpleurl,Pmwiki.Replace,Debate.Wikistyle,Ikiwiki.Install,Openbsd.Dokuwiki,Squirrelmail.Install,Roundcube.Install,Wordpress.Install,Openbsd.Oscommerce,Openbsd.Cumulusclips,Openbsd.Fluxbb,Openbsd.Question2answer,Openbsd.H5ai,Openbsd.Easyapp,Openbsd.Manna,NodeJS.Install,Openbsd.Cgit,Stagit.Install,Got.Repo,Gotweb.Install,Got.Usage,Got.Server,Got.Mirror,Mariadb.Install,Irc.Guide,Irc.Chanop,Ngircd.Oper,Irc.Services,Irc.Clients,Irc.Easy,HostServ.Rules,Unrealircd.Install,Almanack.TheloungeWebircClient,Znc.Install,Znc.Chroot,ZNC.Admin,ZNC.Support,Openbsd.ZNCModules,Znc.Patch,Znc.Usage,Znc.Relayd,Znc.I18n,ZNC.Troubleshoot,Znc.Debug,Debate.Zncdefense,Debate.Zncflaws,Soju.Install,Psybnc.Install,Openbsd.Ilines,Ambassador.Ilines,Debate.Ircv3defense,Identd.Configure,Oidentd.Install,Oidentd.ZNC,Oidentd.Changeident,Openbsd.Ii,Openbsd.Sic,Ngircd.Install,Ngircd.Link,Ngircd.Ssl,Ngircd.Sins,Ngircd.Loginconf,Hopm.Install,Openbsd.Acopm,Hopm.Telnet,Openbsd.Hopm-NowWithInit,Hunchentoot.Install,Achurch.Install,Anope.Install,Atheme.Install,Pylink.Install,Pylink.Chroot,Bitlbee.Install,Openbsd.Matterbridge,Eggdrop193.Install,Eggdrop191.Install,Openbsd.Tcltls,Eggdrop184.Install,Eggdrop.Nickserv,Wraith.Chroot,Openbsd.Wraith,Openbsd.Biblebot,Botnow.Install,Openbsd.Ircrelayd,Category.Perl,Openbsd.CPAN,Unix101.Unix101,Unix101.Wechall,C101.C101,Debate.WhyNotC,Almanack.C,C.Cprimer,Openbsd.Vi,Openbsd.Mg,Openbsd.Ed,Emacs.Emacs,Opensmtpd.Configure,Openbsd.Opensmtpd-relay,Openbsd.Opensmtpd-2,Openbsd.Mailopenproxy,Opensmtpd.Troubleshoot,Opensmtpd.Openrelay,Opensmtpd.Test,AdvancedMailServer.Install,Rspamd.Configure,Opensmtpd.Inbox,Dovecot.Install,Mlmmj.Install,Mlmmj-archivist.Install,Mutt.Connect,Openbsd.Fdm,Openbsd.Newdisk,Fdisk.Usage,Openbsd.Disklabel,Openbsd.Growfs,Openbsd.Pkg,Openbsd.Ports,Pkgadd.CheckUpdates,Almanack.SystemStatsSh,Doas.Configure,Syspatch.Syspatch,Openbsd.Cron,Rcctl.Rcctl,Openbsd.Adduser,Openbsd.Localtime,Dd.Iso,Dd.Usage,Ln.Intro,Tmux.Config,Tmux.Share,Openbsd.XTerm,Openbsd.Backups,Openbsd.Dump,Openbsd.Restore,Openrsync.Usage,Rsync.Usage,Openbsd.Dmesg,Atactl.Usage,Almanack.DumpBackupWithSCP,Openbsd.Fstab,Newfs.Usage,Mount.Usage,Openbsd.Iplookup,Openbsd.Hier,Openbsd.Base64,Openbsd.Uim,Crontab.Edit,Ps.Usage,Kill.Usage,Vi.Intro,Cron.Suppressmail,Openbsd.Vipw,Tar.Usage,Openbsd.Rcctl,Syslogd.Configure,Syslogd.Remote,Openbsd.Panic,Openbsd.Sysctl,Swapctl.Usage,Ffs.Intro,Softraid.Install,Softraid.Rebuild,Disklabel.Usage,Disklabel.Partitioning,Ksh.Bash,Ksh.Redirection,Ksh.Autocomplete,Shell.Limits,Shell.Cronjobs,Openbsd.Outofmemory,Ln.Shell,Openbsd.Freeciv,Openbsd.Openttd,Olympics.Games,Chess.Reading,Chess.Chessgogi,Chess.Tournament,Chess.Limitsbot,Fics.Install,Fics.Admin,Math.Reading,Shelllabs.Intro,Shelllabs.Reading,Shelllabs.Quotes,Shelllabs.Manifesto,Camping.Gear,Openbsd.Minetest,Minetest.Addingarenas,Minetest.Serverlocations,Minetest.Texturestyle,Minetest.Updating,Minetest.Worldbackup,Texlive.Install,Texlive.Sinhala,Asterisk.Install,Sox.Concat,Openbsd.Ffmpeg,Parec.Record,Openbsd.Recordaudio,Ffmpeg.Recordscreen,Leafnode.Install,Webnews.Install,Gazette.Gazette,Openbsd.INN,Openbsd.Gopher,Openbsd.Gophernicus,Openbsd.Geomyidae,Bucky.Install,Prosody.Install,Biboumi.Install,Gomuks.Install,Akkoma.Install,Openbsd.Misc,ISCABBS.ISCABBS,Hosting.Hosting,Hosting.Providers,Hosting.Requirements,Openbsd.Security,Chroot.Intro,Password.Management,MITM.Intro,Openbsd.Phishing,Password.Hashes,Password.Schemes,Password.Words,Openbsd.Dos,Openbsd.Spam,Openbsd.0days,Openbsd.Rootkits,Pledge.Intro,Unveil.Intro,Openbsd.Databaseperms,Openbsd.Secureweb,Openbsd.Trust,Openbsd.Defaultdeny,Openbsd.Loginconf,Openbsd.Ids,Openbsd.Setuid,Openbsd.Sa,Openbsd.Quota,Openbsd.Shell,Police.Intro,Police.Fingerprints,Openbsd.FilePermissions,Openbsd.Oath-toolkit,Doxing.Defense,Team.Security,Sheriff.Intro,Openbsd.Xenodm,Xfce.Install,Fvwm.Configure,Xdefaults.Configure,Synclient.Configure,Cwm.Configure,TigerVNC.Install,TigerVNC.SSH,Wsconsctl.Usage,Fdroid.Install,9.9,9.Shell,9.Install,9.Partdisk,9.Plan9ini,9.Links,9.Shocase,9.Rcpu,9.Drawterm,9.JSDrawterm,9.101,9.Bootcamp,9.9paste,9.Independent,9.Cheatsheet,9.Sysupdate,9.Packages,Rio.Customize,9.Chording,9.Ssh,9.Netcat,9.9gridchan,9.Ideas,Cloud9p.Roadmap,9.9pideas,9.Audio,9.Irc,9.Date,9.Reading,9.Acmemail,9.Splinternet,9.FNS,9.PKI,9.IP,9.Why9,9.Inter9,9.Ramfs,Unix.Reading,BSD.Reading,Debate.Linuxflaws,Unix.Intro,Unix.History,Unix.Exhibit,SIMH.Install,Ircnow.Womenstem,Relays.Relays,Bots.Bots,Code.Code,Opsofliberty.Bootcamp,Civics.Intro,Ircnow.Projects,Vnc.Vnc,WikiTips.WikiTips,License.License,Ircnow.Ally,Ircnow.Victorycores,Ircnow.Opsofliberty,Ircnow.Pioneer,Ircnow.Codeforce,Ircnow.Explorer,Ircnow.Ranger,Ircnow.Settler,Ircnow.Sheriff,Ircnow.Servers,Codeforce.Training,Team.Team,Openbsd.Buyvm,Buyvm.Routedsubnet,Openbsd.Dkimproxy,Openbsd.Opensmtpd,Ircnow.Goals,Openbsd.Rbldns
+text=(:title Poor User's Almanack:)%0a%0aPoor User's illustrated, lessons for the young and old on industry, temperance, frugality, IRC & UNIX.%0a%0aTo administer a free and independent network run by the users themselves.%0a%0a!! IRC Chat Room%0a%0aHang out with us on our IRC training channel at [[ircs://irc.ircnow.org/#wheel|irc.ircnow.org/#wheel]].%0a%0a!! Mailing Lists%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Mailing Lists ||||||||||%0a|| [[lists/ircnow|IRCNow Mailing Lists]] ||||||||||%0a%0a!! Network News%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Training ||||||||||%0a|| [[minutemin/code|Code of Honor]] || [[minutemin/server|My Server]] || [[minutemin/duty|Call of Duty]] || [[minutemin/questions|Good Questions]] || ||%0a|| || [[Minutemin/Progress|Progress]] || [[medals/intro|Medals]] || || ||%0a|| [[team/welcome|Team]] || [[team/testing|Testing sysadmin]] || [[servers/rights|Servers' Rights]] || [[team/announce|Announce]] || [[team/federation]] ||%0a|| [[ircnow/dogfood|Dogfood]] || [[team/networks|IRC Networks]] || || || ||%0a|| [[congress/procedure|Congress Procedure]] || [[congress/documents|Historic Documents]] || [[ircnow/milestones|Milestones]] || || ||%0a|| [[ircnow/roadmap2021|IRCNow Roadmap 2021]] || [[ircnow/roadmap2022|IRCNow Roadmap 2022]] || [[ircnow/roadmap2023|IRCNow Roadmap 2023]] || [[ircnow/roadmap|IRCNow Roadmap]] || ||%0a|| [[ircnow/status2022|Status of the Union 2022]] || || || || ||%0a|| [[CodeForce/Deploy|Deployment Procedure]] || || || || ||%0a|| [[abuse/code|Abuse Code]] || || || || ||%0a|| [[ambassador/markets|Target Markets]] || [[ircnow/metrics|Metrics]] || [[ircnow/nsf|NSF]] || [[ircnow/newdeal|Digital New Deal]] || [[ircnow/daughtersofliberty|Daughters of Liberty]] ||%0a|| [[netizen/ellisisland|Ellis Island]] || || || || ||%0a%0a||! Civics ||||||||||%0a|| Netizenship || [[user/welcome|New User's Welcome]] || [[netizen/become|Become a Netizen]] || [[netizen/rights|Netizen Rights]] || ||%0a|| Independence || [[freedom/selfadmin|Self-Admin]] || [[Freedom/Independence|Declaration]] || [[freedom/fork|Freedom to Fork]] || [[ircnow/constitution|Constitution & Bill of Rights]] ||%0a|| Liberty || [[freedom/religion|Religious Liberty]] || [[freedom/firstamendment|No Central Censor]] || [[freedom/software|Software Freedom]] || [[freedom/privacy|Privacy]] ||%0a|| Opportunity || [[freedom/homestead|Homestead VPS]] || [[freedom/madeonirc|Made on IRC]] || [[freedom/unix|Unix Work Ethic]] || [[freedom/startupdream|The Startup Dream]] ||%0a|| Justice || [[freedom/openforeveryone|Open For Everyone]] || [[freedom/dueprocess|Due Process]] || [[freedom/checks|Checks and Balances]] || [[freedom/rulebylaw|Rule by Law]] ||%0a|| Union || [[freedom/federation|Federation]] || [[freedom/union|United We Serve]] || [[freedom/universal|Universal Access]] || [[freedom/radio|Radio Freedom]] ||%0a|| Education || [[ircnow/education|Higher Education]] || || || ||%0a%0a||! OpenBSD ||||||||||%0a|| OpenBSD || [[openbsd/intro|Intro]] || || || ||%0a|| Virtual Machines || [[vmm/configure|Configure VMM]] || [[vmm/install|VMM Install Guide]] || [[vmctl/usage|VMM User Guide]] || [[vmm/linux|VMM Linux Guide]] ||%0a|| || [[vmm/sysupgrade|Sysupgrade VMM]] || [[vmctl/disk|Vmm new disk]] || [[vmctl/reinstall|Reinstall OS]] || [[vmm/intro|VMM]] ||%0a|| || [[vmm/DebianIso|Debian ISO]] || [[Vmm/DebianInstall|Debian Install]] || || ||%0a|| || [[vmm/debian|VMM Debian Guide]] || [[vmm/optimize|Optimize VMM]] || [[vmm/ubuntu|VMM Ubuntu]] || ||%0a|| || [[vmm/DevuanIso|Devuan Iso]] || [[vmm/Devuan-ISO|Devuan install]] || || ||%0a|| || [[vmm/alpine|VMM Alpine Guide]] || [[vmm/arch|VMM Arch Guide]] || || ||%0a|| [[vmm/plan9|VMM Plan 9]] || || || || ||%0a|| [[vmm/router|vmm router]] || [[vmm/homerouter|VMM home router]] || [[ipmi/java|IPMI Java]] || || ||%0a|| Bare Metal || Dell || Supermicro || [[openbsd/BBB|BeagleBone Black]] || [[openbsd/orangepi3lts|Orange Pi 3 LTS]] ||%0a|| Upgrade || [[openbsd/upgrade67|OpenBSD 6.7 Upgrade]] || [[openbsd/upgrade68|OpenBSD 6.8 Upgrade]] || [[openbsd/upgrade69|OpenBSD 6.9 Upgrade]] || [[openbsd/upgrade74|OpenBSD 7.4 Upgrade]] ||%0a|| || [[openbsd/upgrade75|OpenBSD 7.5 Upgrade]] || || || ||%0a|| Sysupgrade || [[openbsd/sysupgrade68|OpenBSD 6.8 Sysupgrade]] || [[openbsd/sysupgrade69|OpenBSD 6.9 Sysupgrade]] || [[openbsd/sysupgrade70|OpenBSD 7.0 Sysupgrade]] || [[openbsd/sysupgrade71|OpenBSD 7.1 Sysupgrade]] ||%0a|| || [[openbsd/sysupgrade72|OpenBSD 7.2 Sysupgrade]] || [[openbsd/sysupgrade73|OpenBSD 7.3 Sysupgrade]] || [[openbsd/sysupgrade74|OpenBSD 7.4 Sysupgrade]] || [[openbsd/sysupgrade75|OpenBSD 7.5 Sysupgrade]] ||%0a|| || [[openbsd/sysupgrade|OpenBSD Sysupgrade]] || || || ||%0a|| Install || [[openbsd/install67|OpenBSD 6.7 Install]] || [[openbsd/install68|OpenBSD 6.8 Install]] || [[openbsd/install69|OpenBSD 6.9 Install]] || [[openbsd/install70|OpenBSD 7.0 Install]] ||%0a|| || [[openbsd/install71|OpenBSD 7.1 Install]] || [[openbsd/install73|OpenBSD 7.3 Install]] || [[openbsd/install74|OpenBSD 7.4 Install]] || [[openbsd/install75|OpenBSD 7.5 Install]] ||%0a|| [[openbsd/install|OpenBSD Install]] || [[openbsd/bsdrd|OpenBSD Ramdisk Install]] || [[OpenBSD/OnOVH|Install OpenBSD on a OVH VPS]] || || ||%0a|| || [[openbsd/bootconf|boot.conf]] || || || ||%0a|| || [[OpenBSD/ResetPassword]] || [[Openbsd/Singleuser|Single User Mode]] || [[openbsd/books|OpenBSD Books]] || ||%0a%0a(:if false:)%0a|| Philosophy || [[license/publicdomain|License]] || [[gpl/flaws|GPL flaws]] || [[bsd/hope|BSD Hope]] || [[bsd/labor|BSD Labor]] || ||%0a|| || [[license/Discriminatory]] || || || ||%0a(:ifend:)%0a%0a%0a||! Networking ||||||||||%0a|| [[tcpip/overview|TCP/IP]] || [[IPv4/overview|IPv4]] || [[IPv6/overview|IPv6]] || [[tcpip/sockets|sockets]] || [[ip/netmask|Netmasks]] ||%0a|| [[tcpip/ports|TCP/IP ports]] || [[buyvm/ipv6|BuyVM IPv6]] || || || ||%0a|| || [[openbsd/anycast|Anycast Addresses]] || || || ||%0a|| Configure || [[hostnameif/static|Static Networking]] || [[hostnameif/static-v2|Static Networking v2]] || [[ifconfig/change|Change Static Network]] || [[IP/myaddress|My IP address]] ||%0a|| || [[ifconfig|ifconfig]] || [[route/usage|route]] || || [[openbsd/wifi|wifi]] ||%0a|| || [[resolv/conf|Resolv.conf]] || [[hostname/usage|Hostname]] || [[route/hostnameif|Add route to hostname.if]] || ||%0a|| || [[dhcpd/configure|dhcpd]] || [[openbsd/npppd|npppd]] || [[openbsd/pppoe|pppoe]] || [[ntpd/configure|ntpd]] ||%0a|| || [[dhclient/configure|dhclient]] || [[route/sourceaddr|Source address]] || || ||%0a|| || [[ifconfig/wifitoethernet|WiFi to Ethernet]] || [[gre/6in4|6-in-4 GRE]] || [[gre/6in4nat|6-in-4 GRE (with NAT)]] || ||%0a%0a||! Firewall ||||||||||%0a|| [[openbsd/pf|Packet Filter]] || [[pf/guide|PF Guide]] || [[openbsd/PFStable|PF for Stable]] || [[openbsd/PFTesting|PF for Testing]] || [[openbsd/pfbadhost|pfbadhost]] ||%0a|| [[pf/vpn|PF for VPN]] || [[pf/bittorrent|Blocking Torrents]] || || ||%0a|| [[ddos/intro|DDoS Defense]] || [[openbsd/SSDP|SSDP attack]] || [[openbsd/ACKFlood|TCP ack flood]] || [[openbsd/RSTFlood|TCP reset flood]] || [[openbsd/SYNFlood|SYN Flood]] ||%0a|| || [[openbsd/HTTPFlood|HTTP Flood]] || [[openbsd/NTPAmplification|NTP Amplification]] || [[openbsd/UDPFlood|UDP Flood]] || [[openbsd/amplification|amplification attack]] ||%0a||! Troubleshooting ||||||||||%0a|| Network Layer || [[openbsd/ping|ping]] || [[openbsd/tcpdump|tcpdump]] || || ||%0a|| || [[netcat/usage|netcat]] || [[netcat/irc|netcat IRC]] || [[netcat/http|netcat HTTP]] || [[netcat/SMTP|send mail with netcat]] ||%0a|| Application || [[telnet/http|Telnet HTTP]] || [[openssl/http|OpenSSL HTTP]] || [[openssl/imap|OpenSSL IMAP]] || [[openssl/smtp|OpenSSL SMTP]] ||%0a|| || [[openssl/check|Check OpenSSL certs]] || [[openssl/encryptfile|openssl encrypt file]] || || ||%0a%0a||! Routing ||||||||||%0a|| [[bgpd/configure|bgpd configuration]] ||||||||||%0a%0a||! DNS ||||||||||%0a|| [[dns/overview|DNS Overview]] || [[dns/records|DNS Records]] || [[dns/FQDN|FQDN]] || [[dns/registrars|Name Registrars]] || [[dns/vhost|vhost]] ||%0a|| || [[vhost/freedns|FreeDNS vhosts]] || [[vhost/ircnow|IRCNow vhosts]] || || ||%0a||! Authoritative ||||||||||%0a|| [[nsd/configure|nsd]] || [[nsd/masterslave|nsd master slave]] || [[nsd/troubleshoot|Troubleshoot Nsd]] || [[DNS/rDNS|rDNS]] || [[dns/zonefile|Zone File]] ||%0a|| || [[nsd/zone|NSD Zone file]] || [[dns/Troubleshooting|Troubleshooting DNS]] || || ||%0a|| [[openbsd/delphinusdnsd|delphinusdnsd]] || || || || ||%0a|| [[DNS/Mail|DNS for Mail]] || [[DNS/SPF|SPF Records]] || [[DNS/DKIM|DKIM Records]] || [[DNS/DMARC|DMARC Records]] || [[DNS/MTA-STS|MTA-STS records]] ||%0a|| [[DNS/ipv6rDNS|ipv6 rDNS]] || [[DNS/ipv4rDNS|ipv4 rDNS]] || || || ||%0a||! Caching ||||||||||%0a|| [[unbound/configure|unbound]] || [[host/usage|Using host]] || [[dig/usage|Using dig]] || [[openbsd/unboundadblock|unbound adblock]] || ||%0a|| [[unbound/blacklists|DNS Blacklists]] || [[rbldnsd/install|rbldns]] || [[dns/bind_resolver|BIND resolver]] || [[Unbound/LAN|unbound]] ||%0a|| [[unbound/DNSSEC|Unbound DNSSEC]] || || || || ||%0a%0a||! Cryptography ||||||||||%0a||! Signing ||||||||||%0a|| [[gpg/verify|Verify GPG signatures]] || netpgp || [[signify/verify|Verify signify]] || || ||%0a||! Encryption ||||||||||%0a|| [[duplicity/usage|duplicity]] || || || || ||%0a||! VPNs ||||||||||%0a|| IPSec || [[iked/configure|Configure iked]] || [[vpn/vpn|VPN clients]] || [[iked/newconfig|iked new config]] || [[vpn/myipaddress|My IP Address]] ||%0a|| [[iked/sitetosite|Site-to-site VPN]] ||||||||||%0a||! Tor ||||||||||%0a|| Tor || [[tor/torsocks|torsocks]] || [[tor/hidden|Hidden Services]] || [[tor/irc|IRC with Tor]] || ||%0a||! TLS ||||||||||%0a|| [[tls/overview|TLS Overview]] || [[tls/intro|TLS Intro]] || [[tls/CA|Certificate Authorities]] || || ||%0a|| [[acme-client/configure|acme-client]] || [[acme-client/cron|Automating acme-client]] || [[relayd/acceleration|relayd TLS Acceleration]] || [[relayd/TLSMulti|relayd TLS Acceleration Multi]] || [[letsencrypt/expired|Let's Encrypt Expired Cert]] ||%0a|| [[acme-client/AutoRenew|acme-client Automation]] || [[Dehydrated/configure|Dehydrated Setup]] || [[Acmesh/configure|Acme.sh Setup]] ||%0a||! SSH ||||||||||%0a|| || [[sshd/configure|sshd]] || [[ssh/client|ssh]] || [[ssh/fingerprints|SSH keys]] || [[openbsd/sshbackdoor|SSH backdoor]] ||%0a|| [[sshd/disablepassword|Disable Password]] || [[OpenSSH/keygen|Creating ssh keys]] || [[openssh/skey|OpenSSH 2FA with S/key]] || [[openssh/totp|OpenSSH 2FA with TOTP]] || ||%0a|| [[openbsd/Two-FactorAuth]] || [[openbsd/drawtermssh|SSH Drawterm]] || || || ||%0a||! File Transfer ||||||||||%0a|| sftp || [[openbsd/sftp|chrooted sftp]] || || || ||%0a|| ftpd || [[ftpd/configure|FTP server]] || || || ||%0a|| torrent || [[torrent/configure|bittorrent server]] || || || ||%0a%0a||! Version Control ||||||||||%0a|| CVS || [[cvs/anoncvs|anoncvs]] || [[cvs/intro|CVS intro]] || [[cvs/cvsweb|cvsweb]] || ||%0a|| || [[cvs/repo|Create CVS Repos]] || [[cvs/guide|CVS Guide]] || || ||%0a|| pastebin || [[paster/install|Install paster]] || [[fiche/install|Install fiche]] || || ||%0a%0a||! [[openbsd/www|Web]] ||||||||||%0a|| [[openhttpd/configure|OpenHTTPd]] || [[openhttpd/hosting|OpenHTTPd Hosting]] || [[openbsd/httpopenproxy|HTTP open proxies]] || [[openhttpd/perl|Perl for OpenHTTPd]] || [[openbsd/php|php]] ||%0a|| [[openhttpd/tls|OpenHTTPd TLS]] || [[openhttpd/website|OpenHTTPd website]] || [[openhttpd/CGI|OpenHTTPd with C CGI]] || [[openhttpd/chroot|OpenHTTPd chroot]] || ||%0a||! Applications ||||||||||%0a|| PHP || [[pmwiki/install|pmwiki]] || [[pmwiki/simpleurl|simpleurl]] || [[pmwiki/replace|Replace Pmwiki]] || [[debate/wikistyle|Pmwiki Style Guide]] ||%0a|| || [[ikiwiki/install|Ikiwiki]] || [[openbsd/dokuwiki|dokuwiki]] || || ||%0a|| || [[squirrelmail/install|SquirrelMail]] || [[roundcube/install|Install RoundCube]] || [[wordpress/install|Wordpress]] || ||%0a|| || [[openbsd/oscommerce|OSCommerce]] || [[openbsd/cumulusclips|cumulus clips]] || [[openbsd/fluxbb|fluxbb]] || [[openbsd/question2answer|Question2Answer]] ||%0a|| || [[openbsd/h5ai|h5ai]] || [[openbsd/manna]] || [[openbsd/easyapp|EasyApp]] || ||%0a|| [[NodeJS/Install|NodeJS]] || || || || ||%0a|| C || [[openbsd/cgit|cgit]] || [[stagit/install|stagit]] || || ||%0a|| [[got/repo|Got repo]] || [[gotweb/install|gotweb]] || [[got/usage|Using Got]] || [[got/server|got server]] || [[got/mirror|Got mirror]] ||%0a||! Database ||||||||||%0a|| [[Mariadb/install|Mariadb]] ||||||||||%0a%0a||! IRC ||||||||||%0a||! IRC Guides ||||||||||%0a|| IRC || [[irc/guide|IRC101]] || [[irc/chanop|Channel Op Guide]] || [[ngircd/oper|Oper Guide]] || [[irc/services|Services Guide]] ||%0a|| || [[irc/clients|IRC Clients]] || [[irc/easy|IRC made easy]] || ||%0a|| [[HostServ/Rules|HostServ Rules]] || || || || ||%0a|| || [[unrealircd/install|unrealircd]] || [[thelounge Webirc client]] || || ||%0a||! Bouncers ||||||||||%0a|| [[Znc/Install|Install ZNC]] || [[znc/chroot|Install ZNC (chroot)]] || [[ZNC/Admin|ZNC admin]] || [[ZNC/Support|ZNC Support]] || [[openbsd/ZNCModules|ZNC modules]] ||%0a|| [[Znc/Patch|ZNC Patch]] || [[znc/usage|Using ZNC]] || [[znc/relayd|ZNC webpanel (relayd)]] || || ||%0a|| || [[Znc/I18n|ZNC I18n]] || [[ZNC/Troubleshoot|Troubleshoot ZNC]] || || [[znc/debug|Debugging ZNC]] ||%0a|| [[debate/zncdefense|ZNC Defense]] || [[debate/zncflaws|ZNC Flaws]] || || || ||%0a|| [[Soju/Install|Install Soju (with and without chroot)]] ||%0a|| PsyBNC || [[psybnc/install|psybnc]] || || || ||%0a|| BNCs || [[openbsd/ilines|old ilines]] || [[ambassador/ilines|new ilines]] || || ||%0a|| IRCv3 || [[Debate/Ircv3defense|IRCv3 Defense]] || || || ||%0a||! Ident ||||||||||%0a|| Ident || [[identd/configure|identd]] || [[oidentd/install|oidentd install]] || [[oidentd/ZNC|oidentd for znc]] || [[oidentd/changeident|Changing ident]] ||%0a||! Clients ||||||||||%0a|| [[openbsd/ii|ii]] || [[openbsd/sic|sic]] || || || ||%0a||! Servers ||||||||||%0a|| [[ngircd/install|ngircd install]] || [[ngircd/link|ngircd link]] || [[ngircd/ssl|ngircd ssl]] || [[ngircd/sins|ngircd sins]] || [[ngircd/loginconf|Ngircd Login.conf]] ||%0a|| [[hopm/install|hopm]] || [[openbsd/acopm|acopm]] || || [[hopm/telnet|Test hopm]] || ||%0a|| [[Openbsd/Hopm-NowWithInit|HOPM: Now With Init (Advanced-ish)]] || [[hunchentoot/install | Hunchentoot]] ||%0a||! Services ||||||||||%0a|| [[achurch/install|achurch]] || [[anope/install|anope]] || [[atheme/install|atheme]] || || ||%0a||! Relays ||||||||||%0a|| [[pylink/install|pylink]] || [[pylink/chroot|chroot pylink]] || [[bitlbee/install|bitlbee install]] || [[openbsd/matterbridge|matterbridge]] || ||%0a||! Bots ||||||||||%0a|| Eggdrop || [[eggdrop193/install|Install eggdrop 1.9.3]] || [[eggdrop191/install|Install eggdrop 1.9.1]] || [[openbsd/tcltls|tcltls]] || [[eggdrop184/install|Install eggdrop 1.8.4]] ||%0a|| || [[eggdrop/nickserv|Identify with NickServ]] || || || ||%0a|| Channel || [[wraith.chroot|chroot wraith]] || [[openbsd/wraith|install wraith]] || || ||%0a|| Custom || [[openbsd/biblebot|biblebot]] || [[botnow/install|botnow]] || [[openbsd/ircrelayd|ircrelayd]] || ||%0a%0a||! Languages ||||||||||%0a|| [[Category/Perl|Perl]] || [[openbsd/CPAN|CPAN]] || || || ||%0a|| Korn || [[unix101/unix101|unix101]] || [[unix101/wechall|unix101 challenge]] || || ||%0a|| C || [[c101/c101|c101]] || [[debate/WhyNotC|Why Not C]] || [[C|intro]] || [[C/cprimer|c-primer]] ||%0a%0a||! Editors ||||||||||%0a|| [[emacs/emacs]] || [[openbsd/vi|vi]] || [[openbsd/mg|mg]] || [[openbsd/ed|ed]] || ||%0a%0a||! Mail ||||||||||%0a|| OpenSMTPd || [[opensmtpd/configure|opensmtpd]] || [[openbsd/opensmtpd-relay|opensmtpd relay]] || [[openbsd/opensmtpd-2|opensmtpd-2]] || [[openbsd/mailopenproxy|Mail Open Proxy]] ||%0a|| || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] || [[Advanced Mail Server/install]] || %0a|| [[DNS/Mail|DNS for Mail]] || [[DNS/SPF|SPF Records]] || [[DNS/DKIM|DKIM Records]] || [[DNS/DMARC|DMARC Records]] || ||%0a|| || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| || ||%0a|| Mail || [[dovecot/install|dovecot]] || [[mlmmj/install|mlmmj]] || [[mlmmj-archivist/install|mlmmj-archivist]] || ||%0a|| Clients || || [[Mutt.Connect|mutt]] || [[openbsd/fdm|fdm]] || ||%0a%0a||! System Admin ||||||||||%0a|| Disks || [[openbsd/newdisk|Adding a New Disk]] || [[fdisk/usage|fdisk]] || [[openbsd/disklabel|disklabel]] || [[openbsd/growfs|Growfs partition]] ||%0a|| [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || [[ SystemStats,sh ]]%0a|| Utilities || [[doas/configure|sudo, doas]] || [[syspatch/syspatch|syspatch]] || [[openbsd/cron|cron]] || [[rcctl/rcctl|rcctl]] ||%0a|| || [[openbsd/adduser|adduser]] || [[openbsd/localtime|Date and Time]] || [[dd/iso|Flashing USB Image]] || [[dd/usage|dd]] ||%0a|| || [[ln/intro|symbolic links]] || [[tmux/config|tmux Config]] || [[tmux/share|tmux share]] || [[openbsd/XTerm|XTerm]] ||%0a|| [[openbsd/backups|Backups]] || [[openbsd/dump|dump]] || [[openbsd/restore|restore]] || [[openrsync/usage|openrsync]] || [[rsync/usage|rsync usage]] ||%0a|| [[fdisk/usage|fdisk]] || [[Dump Backup With SCP ]] || [[openbsd/fstab]] || [[openbsd/dmesg|dmesg]] || [[atactl/usage|atactl]] ||%0a|| || [[newfs/usage|newfs]] || [[mount/usage|mount]] || || ||%0a|| [[openbsd/iplookup|iplookup]] || [[openbsd/hier|Filesystem hierarchy]] || || [[openbsd/base64|base64]] || [[openbsd/uim|Chinese]] ||%0a|| [[crontab/edit|Editing crontab]] || [[ps/usage|ps process]] || [[kill/usage|Sending signals with kill]] || [[vi/intro|Intro to Vi]] || [[cron/suppressmail|Suppress cron emails]] ||%0a|| [[openbsd/vipw|vipw]] || [[tar/usage|tar usage]] || [[openbsd/rcctl|rcctl]] || [[syslogd/configure|syslogd]] || [[syslogd/remote|Remote syslogd]] ||%0a|| || [[openbsd/panic|kernel panic]] || [[openbsd/sysctl|sysctl]] || [[swapctl/usage|swapctl]] || ||%0a|| || [[ffs/intro|Fast Filesystem]] || [[softraid/install|Install OpenBSD with Softraid]] || [[softraid/rebuild|Rebuilding Softraid]] ||%0a|| || [[disklabel/usage|disklabel]] || [[disklabel/partitioning|Disklabel Partitioning]] || || ||%0a%0a||! Shell ||||||||||%0a|| [[ksh/bash|ksh for bash users]] || [[ksh/redirection|Redirection with Pipes]] || [[ksh/autocomplete|autocomplete for ksh]] || [[shell/limits|Shell Limits]] || [[shell/cronjobs]] ||%0a|| [[openbsd/outofmemory|Out Of Memory]] || [[ln/shell|Symlinks for shells]] || || ||%0a%0a||! Games ||||||||||%0a|| Misc || [[openbsd/freeciv|FreeCiv]] || [[openbsd/openttd|OpenTTD]] || || ||%0a|| Olympics || [[olympics/games|IRCNow Olympics]] || || || ||%0a|| Chess || [[chess/reading|Chess Books]] || [[chess/chessgogi]] || [[chess/tournament]] || [[chess/limitsbot]] ||%0a|| || [[fics/install|Install FICS]] || [[fics/admin|Admin FICS]] || || ||%0a%0a||! Math ||||||||%0a|| [[math/reading]] || || || ||%0a%0a||! Science ||||||||%0a|| [[shelllabs/intro|Shell Labs]] || [[shelllabs/reading]] || [[shelllabs/quotes]] || [[shelllabs/manifesto]] ||%0a%0a||! Camping ||||||||||%0a|| [[Camping/Gear|Camping Gear]] || || || || ||%0a%0a||! Minetest ||||||||||%0a|| [[openbsd/minetest|Minetest]] || || || || ||%0a|| [[minetest/addingarenas|Adding Arenas]] || [[minetest/serverlocations|Server Locations]] || [[minetest/texturestyle|Texture Style Guide]] || [[minetest/updating|Updating the Game]] || [[minetest/worldbackup|World Backup]] ||%0a%0a||! Documents ||||||||||%0a|| LaTeX || [[texlive/install|TexLive]] || [[texlive/sinhala|Sinhala]] || || ||%0a%0a||! Audio/Video ||||||||||%0a|| SIP || [[asterisk/install|asterisk]] || || || ||%0a|| Media || ImageMagick || vorbis || sndiod || [[sox/concat|concat audio files]] ||%0a|| || [[openbsd/ffmpeg|ffmpeg]] || [[parec/record|record audio]] || [[openbsd/recordaudio|Record Audio]] || [[ffmpeg/recordscreen|record screen with ffmpeg]] ||%0a|| || icecast || || || ||%0a%0a%0a||! News ||||||||||%0a|| [[leafnode/install|leafnode]] || [[webnews/install|Web News Install]] || [[Gazette/Gazette|News clients]] || [[openbsd/INN|INN]] || ||%0a||! Gopher ||||||||||%0a|| [[openbsd/gopher|gopher]] || [[openbsd/gophernicus|gophernicus]] || [[openbsd/geomyidae|geomyidae]] || [[bucky/install|Bucky Install]] || ||%0a||! Alt Social Media ||||||||||%0a|| [[prosody/install|prosody]] || [[biboumi/install|biboumi]] || matrix || fediverse || [[gomuks/install|gomuks]] ||%0a|| [[akkoma/install|akkoma]] ||||||||||%0a||! [[openbsd/misc|Misc]] ||||||||||%0a|| [[ISCABBS]] || || || || ||%0a%0a||! [[hosting/hosting|Hosting]] ||||||||||%0a|| [[hosting/providers|Hosting Providers]] || [[openhttpd/hosting|OpenHTTPd Hosting]] || [[hosting/requirements|Hosting Requirements]] || || ||%0a%0a||! [[openbsd/security|Security]] ||||||||||%0a|| Hardening || [[chroot/intro|chroot]] || [[Password/Management|Password Mgmt]] \\%0a[[Password.hashes]] || [[MITM/intro|MITM: Man in the Middle]] || [[openbsd/phishing|Phishing]] ||%0a|| || [[Password/Schemes|Password Schemes]] || [[Password/Words|Passwords with Words]] || || || ||%0a|| [[openbsd/dos|Denial of Service]] || [[openbsd/spam|Spam]] || [[openbsd/0days|0days]] || [[openbsd/rootkits|Rootkits]] || [[pledge/intro|pledge]] ||%0a|| [[unveil/intro|unveil]] || [[openbsd/databaseperms|Database Permissions]] || [[openbsd/secureweb|Secure web apps]] || [[openbsd/trust|Trust]] || [[openbsd/defaultdeny|Default Deny]] ||%0a|| [[openbsd/loginconf|login.conf]] || [[openbsd/ids|Intrusion detection system]] || [[openbsd/setuid|setuid binaries]] || [[openbsd/sa|system accounting]] || [[openbsd/quota|file quotas]] ||%0a|| [[openbsd/File Permissions]] || [[openbsd/shell|Shell Accounts]] || [[police/intro|Policing Guide]] || [[police/fingerprints|Police fingerprints]] ||%0a|| [[openbsd/oath-toolkit|oath-toolkit]] || [[doxing/defense|doxing defense]] || [[team/security|Team security]] ||%0a%0a||! Sheriff ||||||||||%0a|| [[sheriff/intro]] || || || || ||%0a%0a||! Desktop ||||||||||%0a|| X Windows || [[openbsd/Xenodm|Xenodm]] || || || ||%0a|| XFCE || [[xfce/install|Install XFCE]] || || || ||%0a|| FVWM || [[fvwm/configure|Configure FVWM]] || [[Xdefaults/Configure|Configure XDefaults]] || [[synclient/configure|Touchpad]] || [[cwm/configure|Configure cwm]] ||%0a|| VNC || [[TigerVNC/install|Install TigerVNC]] || [[TigerVNC/SSH|TigerVNC with SSH]] || || ||%0a|| || [[wsconsctl/usage|wsconsctl]] || || || ||%0a%0a||! Android ||||||||||%0a|| [[Fdroid/Install|Install F-Droid]] || || || || ||%0a%0a||! VMM ||%0a|| OpenBSD ||%0a|| Linux ||%0a|| Plan9 ||%0a%0a||! Plan 9 ||||||||||%0a|| [[9/9|9 intro]] || [[9/Shell|Plan9 Shells]] || [[9/install|9 Install]] || [[9/partdisk|partdisk]] || [[9/Plan9ini|Plan 9 ini]] ||%0a|| [[9/Drawterm]] || [[9/JSDrawterm]] || [[9/Links|9 Links]] || [[9/shocase|9 Showcase]] || [[9/rcpu|rcpu]] ||%0a|| [[9/101|9 101]] || [[9/bootcamp|9 bootcamp]] || [[9/9paste|9paste]] || [[9/independent|9: Independent]] || [[9/cheatsheet|9 Cheatsheet]] ||%0a|| [[9/sysupdate|sysupdate]] || [[9/packages|3rd party packages]] || [[9/ssh]] || [[rio/customize|Customize rio]] || [[9/chording|mouse chording]]%0a|| [[9/netcat|netcat]] || [[9/9gridchan|9gridchan]] || [[9/ideas|9 Ideas]] || [[cloud9p/roadmap|cloud9p]] || [[9/9pideas|9p Ideas]] ||%0a|| [[9/audio|audio]] || [[9/irc|IRC clients]] || [[9/reading]] || [[9/date|Date and time]] || [[9/acmemail]] ||%0a|| [[9/splinternet]] || [[9/FNS]] || [[9/PKI]] || [[9/IP]] || [[9/Why9]] ||%0a|| [[9/inter9]] || [[9/ramfs]] || || || ||%0a%0a||! Books ||||||||||%0a|| [[linux/reading/Linux Reading]] || [[unix/reading|Unix Reading]] || [[BSD/reading|BSD Reading]] ||%0a%0a||! Linux ||||||||||%0a|| || [[Debate/Linuxflaws|Linux Flaws]] || || || ||%0a%0a||! [[unix/intro|Unix]] ||||||||||||||%0a|| [[unix/history|History of UNIX]] || [[unix/exhibit|Exhibit]] || [[unix/reading|Unix Reading]] || [[SIMH/install]] ||||%0a%0a|| Idea Brainstorm ||||||||||%0a|| [[netizen/ellisisland]] || [[ircnow/newdeal]] || [[ircnow/womenstem]] || || ||%0a%0a||! Work in Progress Ideas ||||||||||%0a|| [[relays/relays|Union Relays]] || [[bots/bots|IRC Bots]] || [[hosting/hosting|Log Cabin Hosting]] || [[gazette/gazette|Gazette News]] || [[code/code|Code Armory]] ||%0a|| [[opsofliberty/bootcamp|Ops Bootcamp]] || [[shelllabs/intro|Shell Labs]] || [[civics/intro|Civics Intro]] || [[ircnow/projects|Software Projects]] || [[vnc/vnc|Screenshare]] ||%0a|| [[vpn/vpn|Patriot VPNs]] || [[netizen/become|Netizenship]] || [[WikiTips.WikiTips|Wiki Tips]] || [[license/license|Licenses]] || [[ircnow/ally|Ally Networks]] ||%0a|| [[Ircnow/victorycores|Victory Cores - Donate a Core]] || || || || ||%0a|| [[ircnow/opsofliberty|Ops of Liberty]] || [[ircnow/pioneer|Pioneer]] || [[ircnow/codeforce|CodeForce]] || [[ircnow/Ally|Ally]] || [[ircnow/explorer|Explorer]] ||%0a|| [[ircnow/ranger|Ranger]] || [[ircnow/settler|Settler]] || [[ircnow/Sheriff|Sheriff]] || [[ircnow/servers|ircnow servers]] || [[codeforce/training|Code Force]] ||%0a%0a||! Team ||||||||||%0a|| [[team/team|Team docs]] || [[openbsd/buyvm|Buyvm Guide]] || [[buyvm/routedsubnet|BuyVM Routed Subnet]] || || ||%0a%0a||! Historical Articles ||||||||||%0a|| [[openbsd/dkimproxy|dkimproxy]] || [[openbsd/opensmtpd|OpenSMTPd]] || [[openbsd/rbldns]] || [[opsofliberty/bootcamp|Ops Bootcamp]] || [[ircnow/goals|IRCNow goals]] ||%0a
+time=1731560380
title=Poor User's Almanack
+author:1731560380=SplinTer
+diff:1731560380:1731560220:=195c195%0a%3c || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] || [[Advanced Mail Server/install]] || %0a---%0a> || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] || || [[Advanced Mail Server/install]] || ||%0a
+host:1731560380=138.43.182.133
+author:1731560220=SplinTer
+diff:1731560220:1731560071:=195c195%0a%3c || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] || || [[Advanced Mail Server/install]] || ||%0a---%0a> || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] |[[Advanced Mail Server/install]] |%0a
+host:1731560220=138.43.182.133
+author:1731560071=SplinTer
+diff:1731560071:1731559911:=195c195%0a%3c || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] |[[Advanced Mail Server/install]] |%0a---%0a> || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] ||[[Advanced Mail Server|install]] ||%0a
+host:1731560071=138.43.182.133
+author:1731559911=SplinTer
+diff:1731559911:1731559672:=195c195%0a%3c || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] ||[[Advanced Mail Server|install]] ||%0a---%0a> || || [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]] || [[opensmtpd/openrelay|Open Mail Relay]] || [[opensmtpd/test|Test opensmtpd]] || ||%0a199c199%0a%3c || Clients || || [[Mutt.Connect|mutt]] || [[openbsd/fdm|fdm]] || ||%0a---%0a> || Clients || || [[Mutt.Connect|mutt]] || [[openbsd/fdm|fdm]] || [[Advanced Mail Server/install]] ||%0a
+host:1731559911=138.43.182.133
+author:1731559672=SplinTer
+diff:1731559672:1731559564:=197c197%0a%3c || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| || ||%0a---%0a> || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|[[Advanced Mail Server/install]]| || ||%0a199c199%0a%3c || Clients || || [[Mutt.Connect|mutt]] || [[openbsd/fdm|fdm]] || [[Advanced Mail Server/install]] ||%0a---%0a> || Clients || || [[Mutt.Connect|mutt]] || [[openbsd/fdm|fdm]] || ||%0a
+host:1731559672=138.43.182.133
+author:1731559564=SplinTer
+diff:1731559564:1731559402:=197c197%0a%3c || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|[[Advanced Mail Server/install]]| || ||%0a---%0a> || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Mail Server install/Dovecot/Smtpd]] || ||%0a
+host:1731559564=138.43.182.133
+author:1731559402=SplinTer
+diff:1731559402:1731559324:=197c197%0a%3c || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Mail Server install/Dovecot/Smtpd]] || ||%0a---%0a> || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server install/Dovecot/Smtpd]] || ||%0a
+host:1731559402=138.43.182.133
+author:1731559324=SplinTer
+diff:1731559324:1731559160:=197c197%0a%3c || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server install/Dovecot/Smtpd]] || ||%0a---%0a> || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server Setup/Dovecot & Smtpd]] || ||%0a
+host:1731559324=138.43.182.133
+author:1731559160=SplinTer
+diff:1731559160:1731546926:=197c197%0a%3c || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server Setup/Dovecot & Smtpd]] || ||%0a---%0a> || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server Setup]] || ||%0a
+host:1731559160=138.43.182.133
+author:1731546926=SplinTer
+diff:1731546926:1731546888:=203c203%0a%3c || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || [[ SystemStats,sh ]]%0a---%0a> || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || [[ SystemStats,sh ]]|%0a
+host:1731546926=138.43.182.133
+author:1731546888=SplinTer
+diff:1731546888:1731546028:=203c203%0a%3c || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || [[ SystemStats,sh ]]|%0a---%0a> || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || |[[ SystemStats,sh ]]|%0a
+host:1731546888=138.43.182.133
+author:1731546028=SplinTer
+diff:1731546028:1731545981:=203c203%0a%3c || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || |[[ SystemStats,sh ]]|%0a---%0a> || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] |[[ SystemStats,sh ]]| ||%0a
+host:1731546028=138.43.182.133
+author:1731545981=SplinTer
+diff:1731545981:1731545913:=203c203%0a%3c || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] |[[ SystemStats,sh ]]| ||%0a---%0a> || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] [[ SystemStats,sh ]] ||%0a
+host:1731545981=138.43.182.133
+author:1731545913=SplinTer
+diff:1731545913:1731545810:=203,204c203,204%0a%3c || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] [[ SystemStats,sh ]] ||%0a%3c || Utilities || [[doas/configure|sudo, doas]] || [[syspatch/syspatch|syspatch]] || [[openbsd/cron|cron]] || [[rcctl/rcctl|rcctl]] ||%0a---%0a> || [[openbsd/pkg|pkg]] || pkglocatedb || [[openbsd/ports|ports]] || [[Pkgadd.CheckUpdates|pkg_add check update]] || ||%0a> || Utilities || [[doas/configure|sudo, doas]] || [[syspatch/syspatch|syspatch]] || [[openbsd/cron|cron]] || [[rcctl/rcctl|rcctl]] | [[ SystemStats,sh ]] |%0a
+host:1731545913=138.43.182.133
+author:1731545810=SplinTer
+diff:1731545810:1731470919:=204c204%0a%3c || Utilities || [[doas/configure|sudo, doas]] || [[syspatch/syspatch|syspatch]] || [[openbsd/cron|cron]] || [[rcctl/rcctl|rcctl]] | [[ SystemStats,sh ]] |%0a---%0a> || Utilities || [[doas/configure|sudo, doas]] || [[syspatch/syspatch|syspatch]] || [[openbsd/cron|cron]] || [[rcctl/rcctl|rcctl]] ||%0a
+host:1731545810=138.43.182.133
author:1731470919=SplinTer
diff:1731470919:1731469382:=197c197%0a%3c || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Advanced Mail Server Setup]] || ||%0a---%0a> || || [[rspamd/configure|spamd]] || [[opensmtpd/inbox|Getting inboxed]]|| [[Setup Mail Server]] || ||%0a
host:1731470919=138.43.182.133
blob - /dev/null
blob + bf33166d42fda87f7bde6cd9d806b29052999e08 (mode 644)
--- /dev/null
+++ wiki.d/Almanack.AdvancedMailServerSetup
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
+author=SplinTer
+charset=UTF-8
+csum=
+ctime=1731470982
+host=138.43.182.133
+name=Almanack.AdvancedMailServerSetup
+rev=6
+targets=Openbsd.Loginconf,Openbsd.Rcctl,Dns.Overview,Nsd.Configure,DNS.Mail,Opensmtpd.Openrelay,Opensmtpd.Troubleshoot
+text=Let's set up dovecot & smtpd to allow users to read mail with IMAP & lmtp with rspamd spam filter!%0ayou only have two configeration files one for dovecot.conf and one for smtpd.cond!%0a%0a%0a!! Installation%0a%0a[@%0a$ doas pkg_add dovecot opensmtpd-extras opensmtpd-filter-dkimsign-- opensmtpd-filter-dkimsign-0.5p2 opensmtpd-filter-rspamd-0.1.8p0 opensmtpd-filter-senderscore-0.1.2%0a@]%0a%0a!! Configuration%0a%0aA single user vmail will receive mail for all virtual users:%0a%0a[@%0a$ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a@]%0a%0a/var/vmail will be used to store virtual users' maildir folders. It will be managed by%0adovecot, which receives mail via LMTP. other files for smtpd files for /etc/mail/aliases, %0adomains file:/etc/mail/domains, passwd file:/etc/mail/passwd, users file:/etc/mail/users,%0avusers file:/etc/mail/vusers, or hosts file:/etc/mail/hosts! all these's files are located %0ain /etc/mail folder is part of smtpd.conf setup!%0a%0aIn order to secure our passwords, we need to rearrange file permissions and owners:%0a%0a[@%0a$ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a$ doas chown _smtpd:_dovecot /etc/mail/passwd%0a$ doas chmod 770 /etc/mail/dkim/%0a$ doas chmod 440 /etc/mail/passwd%0a$ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a@]%0a%0aHere is Example /etc/dovecot/dovecot.conf to go by! change your hostname from example to your correct host and ip address's if specified!%0a%0a[@%0aprotocols = imap lmtp%0alisten = 198.251.81.119, 2605:6400:10:5bf::, 127.0.0.1%0a%0aservice lmtp {%0a user = vmail%0a}%0a%0aservice imap-login {%0a inet_listener imap {%0a address = *%0a port = 143%0a }%0a inet_listener imaps {%0a address = *%0a port = 993%0a ssl = yes%0a }%0a user = _dovecot%0a group = _dovecot%0a executable = /usr/local/libexec/dovecot/imap-login%0a}%0a%0aservice auth {%0a user = _dovecot%0a group = _dovecot%0a executable = /usr/local/libexec/dovecot/auth%0a}%0a%0aservice quota-warning {%0a executable = script /usr/local/libexec/dovecot/quota-warning.sh%0a unix_listener quota-warning {%0a mode = 0600%0a user = vmail%0a group = vmail%0a }%0a}%0a%0aquota_full_tempfail = yes%0assl = yes%0assl_cert = %3c/etc/ssl/mail.examplee.com.crt%0assl_key = %3c/etc/ssl/private/mail.example.com.key%0assl_dh=%3c/etc/dovecot/dhparam.pem%0assl_cipher_list = ALL:!LOW:!SSLv2%0a%0amail_location = maildir:/var/vmail/%25d/%25n/Maildir%0amail_uid = 1024%0amail_gid = 1024%0a%0avalid_chroot_dirs = /var/vmail%0alog_path = /var/log/dovecot.err%0ainfo_log_path = /var/log/dovecot.info%0alog_timestamp = "%25Y-%25m-%25d %25H:%25M:%25S "%0alogin_greeting = Dovecot ready.%0adisable_plaintext_auth = no%0aauth_verbose = yes%0aauth_debug = yes%0aauth_debug_passwords = yes%0amail_debug = yes%0aauth_verbose_passwords=sha1%0averbose_ssl=yes%0a%0a%0apassdb {%0a driver = passwd-file%0a args = scheme=blf-crypt /etc/dovecot/users.txt%0a}%0a%0auserdb {%0a args = uid=vmail gid=vmail home=/var/vmail/%25d/%25n%0a driver = static%0a}%0a@]%0a%0aThis tells dovecot to listen to the protocols IMAP, and LMTP.%0a'''Note''': We don't want to support pop3 or submission with dovecot.%0a%0aIt also tells dovecot the public IPs you want it to listen on. Finally, the last%0ablock tells dovecot to change to the username vmail to listen for LMTP.%0a%0aWe defines our password database to use blowfish (see [[https://man.openbsd.org/blowfish|blowfish(3)]] and [[https://man.openbsd.org/encrypt|encrypt(1)]]).%0a%0aThe second block says that the mail must be read by user ID and group ID vmail, and%0athat all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a%0aThis again indicates all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a%0aYou will need to replace example.com with your real domain name.%0a%0aPlease read the instructions in the dovecot README in @@/usr/local/share/doc/pkg-readmes/dovecot@@. That file explains that you must add this [[openbsd/loginconf|login class]] to /etc/login.conf:%0a%0a[@%0adovecot:\%0a :openfiles-cur=4096:\%0a :openfiles-max=8192:\%0a :tc=daemon:%0a@]%0a%0a'''WARNING''': You must use tabs and not spaces. If you use spaces in /etc/login.conf, the settings will '''not''' work.%0a%0a'''NOTE''': Allowing more open files than suggested in the README can help if you have many IP addresses.%0a%0a'''WARNING''': If login.conf.db exists, you will need to rebuild it:%0a%0a[@%0a# [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf%0a@]%0a%0aBut it is best to just remove /etc/login.conf.db since it is not required:%0a%0a[@%0a$ doas rm /etc/login.conf.db%0a@]%0a%0a!! Starting dovecot%0a%0aTo start dovecot via [[openbsd/rcctl|rcctl]]:%0a%0a[@%0a$ doas rcctl enable dovecot%0a$ doas rcctl start dovecot%0a@]%0a%0a!! Troubleshooting%0a%0aMake sure to check /var/log/maillog: for errors too%0aMake sure to check Errors in /var/log/dovecot.err for errors too%0aMake sure to check Info in /var/log/dovecot.info for errors too%0aMake sure to check rspamd in /var/log/rspamd/rspamd.log for errors too%0a%0a[@%0a$ openssl s_client -starttls imap -connect username.example.com:143%0a@]%0a%0aWhen starting dovecot, you may find it fails:%0a%0a[@%0a$ doas rcctl start dovecot%0a@]%0a%0aWhen this happens, run the rc.d script with debugging turned on:%0a%0a[@%0a$ doas /etc/rc.d/dovecot -d start%0adoing _rc_parse_conf%0adoing _rc_quirks%0adovecot_flags empty, using default >%3c%0adoing rc_check%0adovecot%0adoing rc_start%0adoing _rc_wait start%0adoing rc_check%0a@]%0a%0adoveconf: Fatal: Error in configuration file /etc/dovecot/conf: ssl_cert: Can't open file /etc/ssl/dovecotcert.pem: No such file or directory%0adoing _rc_rm_runfile%0a(failed)%0a%0aIn this case, you can see the error in the logs forgot to write the real path of the cert: @@/etc/ssl/example.com.crt@@ (where example.com is replaced with my real domain).%0a%0a[@%0aJun 9 01:37:35 jrmu dovecot: auth: Error: passwd-file(jrmu@jrmu.host.oddprotocol.org,125.231.25.80,%3caiyNgk/EuHB95xlQ>): stat(/etc/mail/passwd) failed: Permission denied (euid=518(_dovecot) egid=518(_dovecot) missing +x perm: /etc/mail, we're not in group 1003(_mail), dir owned by 95:1003 mode=0750)%0aJun 9 01:37:41 jrmu dovecot: auth: Error: passwd-file(jrmu@jrmu.host.oddprotocol.org,125.231.25.80,%3caiyNgk/EuHB95xlQ>): stat(/etc/mail/passwd) failed: Permission denied (euid=518(_dovecot) egid=518(_dovecot) missing +x perm: /etc/mail, we're not in group 1003(_mail), dir owned by 95:1003 mode=0750)%0a@]%0a%0aLet's set up a mail server with dkim signing and basic rspamd checks:%0a%0a!! Before we begin%0a%0aRead the the man pages for [[https://man.openbsd.org/smtpd|opensmtpd]], [[https://man.openbsd.org/smtpd.conf|smtpd.conf]], and [[https://man.openbsd.org/smtpctl|smtpctl]]. %0a%0aRead the [[https://github.com/poolpOrg/OpenSMTPD-book|free OpenSMTPd book]] by the%0aauthor of OpenSMTPd%0a%0a!! DNS%0a%0aRunning a mail server requires proper DNS records. If you have not already, you will%0awant to read up on [[dns/overview|DNS]] and [[nsd/configure|set up your name server]].%0a%0aYou will need to [[DNS/Mail|add proper DNS records]] to your domain and make sure they work.%0a%0a!! Install%0a%0aOpensmtpd is part of OpenBSD base, but we will also want to install some%0aopensmtpd-related packages and dovecot:%0a%0a[@%0a$ doas pkg_add opensmtpd-extras opensmtpd-filter-dkimsign-- dovecot-2.3.21.1v0 rspamd-3.9.1%0a@]%0a%0aIf prompted to choose a version for dovecot, choose the one without gssapi [[https://doc.dovecot.org/3.0/configuration_manual/authentication/gssapi/|gssapi]]. %0a%0aMake sure to read the dkimsign filter README at @@/usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign@@.%0a%0a!! Configuration%0a%0a!!! TLS%0a%0aYou will want to use acme-client to request a TLS public cert and private key%0ain @@/etc/acme-client.conf@@.%0a%0a[@%0a#%0a# $OpenBSD: acme-client.conf,v 1.5 2023/05/10 07:34:57 tb Exp $%0a#%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a}%0a%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a}%0a%0aauthority buypass {%0a api url "https://api.buypass.com/acme/directory"%0a account key "/etc/acme/buypass-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0aauthority buypass-test {%0a api url "https://api.test4.buypass.no/acme/directory"%0a account key "/etc/acme/buypass-test-privkey.pem"%0a contact "mailto:me@example.com"%0a}%0a%0adomain example.com {%0a# alternative names { }%0a domain key "/etc/ssl/private/example.com.key"%0a domain full chain certificate "/etc/ssl/example.com.crt"%0a sign with letsencrypt%0a}%0adomain bnc.example.com {%0a# alternative names { }%0a domain key "/etc/ssl/private/bnc.example.com.key"%0a domain full chain certificate "/etc/ssl/bnc.example.com.crt"%0a sign with letsencrypt%0a}%0a%0adomain webirc.example.com {%0a# alternative names { }%0a domain key "/etc/ssl/private/webirc.example.com.key"%0a domain full chain certificate "/etc/ssl/webirc.example.com.crt"%0a sign with letsencrypt%0a}%0a%0adomain webmail.example.com {%0a# alternative names { }%0a domain key "/etc/ssl/private/webmail.example.com.key"%0a domain full chain certificate "/etc/ssl/webmail.example.com.crt"%0a sign with letsencrypt%0a}%0a%0adomain mail.example.com {%0a# alternative names { }%0a domain key "/etc/ssl/private/mail.example.com.key"%0a domain full chain certificate "/etc/ssl/mail.example.com.crt"%0a sign with letsencrypt%0a}%0adomain wiki.example.com {%0a# alternative names { }%0a domain key "/etc/ssl/private/wiki.example.com.key"%0a domain full chain certificate "/etc/ssl/wiki.example.com.crt"%0a sign with letsencrypt%0a}%0a%0a@]%0a%0aNext, we'll create our smtpd configuration file in @@/etc/mail/smtpd.conf@@:%0aBelow is a example smtpd.conf file below! make sure to change the host and ip%0aaddress's to your vm's ipv4 and ipv6 address!%0a%0a[@%0a# PKI for TLS%0apki mail.example.com cert "/etc/ssl/mail.example.com.crt" # path to SSL certificate%0apki mail.example.com key "/etc/ssl/private/mail.example.com.key" # path to private key%0a%0a# tables setup%0atable aliases file:/etc/mail/aliases%0atable domains file:/etc/mail/domains%0atable passwd file:/etc/mail/passwd%0atable users file:/etc/mail/users%0atable vusers file:/etc/mail/vusers%0atable hosts file:/etc/mail/hosts%0a%0a# Blocks junk mail%0afilter rspamd proc-exec "filter-rspamd"%0afilter check_rdns phase connect match !rdns junk%0afilter check_fcrdns phase connect match !fcrdns junk%0afilter "dkimsign" proc-exec "filter-dkimsign -d example.com -s mail -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign%0a%0a# macros%0aipv4 = "publicipv4"%0aipv6 = "publicipv6"%0acheck = "pki mail.example.com filter { check_rdns check_fcrdns rspamd } hostname example.com"%0aauthcheck = "pki mail.example.com auth %3cpasswd> mask-src senders %3cusers> filter { check_rdns check_fcrdns dkimsign rspamd } hostname example.com"%0a%0a# listeners%0alisten on socket filter { dkimsign rspamd }%0alisten on lo0 filter { dkimsign rspamd }%0a# listen on socket filter "dkimsign"%0a# listen on lo0 filter "dkimsign"%0alisten on $ipv4 port 25 tls $check%0alisten on $ipv6 port 25 tls $check %0alisten on $ipv4 port 465 tls-require $authcheck %0alisten on $ipv6 port 465 tls-require $authcheck %0alisten on $ipv4 port 587 tls-require $authcheck %0alisten on $ipv6 port 587 tls-require $authcheck%0a%0a# rules%0aaction "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvusers>%0aaction "outbound" relay src $ipv4%0a%0amatch from any for domain %3cdomains> action "lmtp"%0amatch from src %3chosts> for any action "outbound"%0amatch from local for any action "outbound"%0amatch auth from any for any action "outbound" %0a@]%0a%0aThe domains table contains a list of domains that our mail server should%0areceive mail on. domains file:/etc/mail/domains%0a%0a'''Note''': Do not add domains that your mail server does not directly serve%0a(for example, do not add domains you intend to forward mail to). If you add%0athem by mistake, the mail server will not forward the mail properly.%0a%0aThe passwd table contains a colon-separated list of username/password/disk quota%0aentries. passwd file for smptpd /etc/mail/passwd%0a%0aThe vusers file shows which virtual user should handle whose mail. They are written as @@key: value@@ pairs.%0aSee [[https://man.openbsd.org/aliases|aliases(5)]] for more information. vusers file:/etc/mail/vusers%0a%0aThe hosts file contains a list of trusted sending hosts. hosts file:/etc/mail/hosts%0a%0aThe users file contains a list of valid sending users. users file:/etc/mail/users%0a%0aAll of these tables will be explained further in the following sections.%0a%0a!!! Dealing with Spam%0a%0a%0aThe first filter will check if the sender has an rdns entry. If not, the mail%0awill be labeled as junk.%0a%0aThe second filter will check if the sender's forward and reverse dns entry match. If%0anot, the mail will be labeled as junk.%0a%0aThe first filter will check if the sender has an rspam entry. If not, the mail%0awill be labeled as junk.%0a%0aThe fourth filter will sign any email with the DKIM private key.%0a%0a# -d specifies the domain name to sign for; you must replace example.com with your real domain.%0a# -s specifies the selector (in this case mail).%0a# -k specifies the path of the private key.%0a# user and group both specify _dkimsign, the user and group that does the signing%0a%0a!!! Macros%0a%0aA macro defines a variable that will be replaced with a block of text:%0a%0adefine the IPv4 and IPv6 addresses used for sending and receiving mail.%0a%0aopensmtpd to use the public/private keys we defined earlier for @@example.com@@. We mask the sender's source (the '''from''' part of the @@Received@@ header). We also apply two filters to check for proper forward and reverse confirmed DNS entries. Finally, we indicate that the sending hostname must be example.com instead of the default server name.%0a%0ait requires authentication with the password file and it checks if the sender is allowed.%0a%0a!!! Listeners%0a%0aThe listeners tell us what network interfaces, IP addresses, and ports to listen on.%0a%0asmtpd to listen to the UNIX domain socket and to DKIM sign all %0aemails. tells us to listen to the loopback interface and also%0asign all emails.%0a%0asmtpd to listen on the IPv4 and IPv6 address on port 25, to provide%0aTLS if supported but to offer plaintext as a fallback. Only basic checking is done.%0a%0asmtpd to listen on the IPv4 and IPv6 address on port 465, for SMTPS.%0aTLS encryption is required and authentication checking is forced because this socket%0acan be used for sending mail to other servers. We want to avoid an open mail relay.%0a%0a!!! Rules%0a%0awe define the actions that opensmtpd can take and how to decide which%0aaction to follow:%0a%0awe define the action "lmtp": we pass the mail to dovecot to handle using the Local Mail Transfer Protocol (LMTP). The actual recipient will be translated using the virtuals table.%0a%0awe define the action "outbound": we relay (send) the email out.%0a%0awe defines matching rule: any email headed for one of our domains should be handed over to lmtp (handed over to dovecot).%0a%0awe defines matching rule: any email from a local IP address or queue can relay (send) without authentication.%0a%0awe defines matching rule: any email from our trusted @@/etc/mail/hosts@@ file will automatically be relayed (sent) without authentication.%0a%0awe defines our last matching rule: any email that has been properly authenticated will be relayed (sent).%0a%0a!!! Complete configuration file%0a%0aHere is the entire configuration file in @@/etc/mail/smtpd.conf@@:%0a%0a[@%0a# PKI for TLS%0apki mail.example.com cert "/etc/ssl/mail.example.com.crt" # path to SSL certificate%0apki mail.example.com key "/etc/ssl/private/mail.example.com.key" # path to private key%0a%0a# tables setup%0atable aliases file:/etc/mail/aliases%0atable domains file:/etc/mail/domains%0atable passwd file:/etc/mail/passwd%0atable users file:/etc/mail/users%0atable vusers file:/etc/mail/vusers%0atable hosts file:/etc/mail/hosts%0a%0a# Blocks junk mail%0afilter rspamd proc-exec "filter-rspamd"%0afilter check_rdns phase connect match !rdns junk%0afilter check_fcrdns phase connect match !fcrdns junk%0afilter "dkimsign" proc-exec "filter-dkimsign -d example.com -s mail -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign%0a%0a# macros%0aipv4 = "publicipv4"%0aipv6 = "publicipv6"%0acheck = "pki mail.example.com filter { check_rdns check_fcrdns rspamd } hostname example.com"%0aauthcheck = "pki mail.example.com auth %3cpasswd> mask-src senders %3cusers> filter { check_rdns check_fcrdns dkimsign rspamd } hostname example.com"%0a%0a# listeners%0alisten on socket filter { dkimsign rspamd }%0alisten on lo0 filter { dkimsign rspamd }%0a# listen on socket filter "dkimsign"%0a# listen on lo0 filter "dkimsign"%0alisten on $ipv4 port 25 tls $check%0alisten on $ipv6 port 25 tls $check %0alisten on $ipv4 port 465 tls-require $authcheck %0alisten on $ipv6 port 465 tls-require $authcheck %0alisten on $ipv4 port 587 tls-require $authcheck %0alisten on $ipv6 port 587 tls-require $authcheck%0a%0a# rules%0aaction "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvusers>%0aaction "outbound" relay src $ipv4%0a%0amatch from any for domain %3cdomains> action "lmtp"%0amatch from src %3chosts> for any action "outbound"%0amatch from local for any action "outbound"%0amatch auth from any for any action "outbound"%0a@]%0a%0a!! Configuring Virtual Users%0a%0aA single user vmail will receive mail for all virtual users:%0a%0a[@%0a$ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a@]%0a%0a/var/vmail will be used to store virtual users' maildir folders. It will be managed by dovecot, which receives mail via LMTP.%0a%0a!! Adding users%0a%0aCreate a new file @@/etc/mail/vusers@@ and add these lines:%0a%0a[@%0aroot admin@example.com%0aadmin@example.com vmail%0ausername@example.com vmail%0a@]%0a%0aNow, any mail sent to root will get forwarded to admin@example.com.%0a%0a'''NOTE''': Make sure to check the mail account linked to root often! other programs will send mails to root.%0a%0aYou can optionally add one line for each user to provide aliases.%0a%0aFor each new user account, you will want to create a new line.%0a%0aYou'll also need to create one line for each user in @@/etc/mail/users@@:%0a%0a[@%0aadmin@example.com: admin@example.com%0ausername@example.com: username@example.com%0a@]%0a%0aA whitelist of known good senders goes into @@/etc/mail/hosts@@:%0a%0a[@%0a192.168.1.1%0a2001:db8::%0a@]%0a%0aReplace IP addresses 192.168.1.1 and 2001:db8:: with your server's real IP addresses.%0a%0aIn @@/etc/mail/mailname@@, put in the name you want to use for your mail server. This%0ais very important for passing anti-spam checks:%0a%0a[@%0aexample.com%0a@]%0a%0aThe list of domains this mail server can receive emails for will go inside @@/etc/mail/domains@@:%0a%0a[@%0aexample.com%0amail.example.com%0a@]%0a%0aIn @@/etc/mail/passwd@@, we have a list of colon-separated user credentials:%0a%0a[@%0aadmin@example.com:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G%0ausername@example.com:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G%0a@]%0a%0aEach field is separated with a colon.%0a%0aThe first field tells you the username. Note that usernames include a domain -- this is because you might host mail for multiple domains. So, when logging in to the mail server, your mail client must be of the format username@example.com.%0a%0aThe second field is the password hash. To generate a hash, you can run encrypt:%0a%0a[@%0a$ encrypt specificpassword%0a@]%0a%0aType your password, then press @@enter@@. Type @@ctrl+d@@ to quit.%0a%0a@@smtpctl encrypt@@ also does the same thing:%0a%0a[@%0a$ smtpctl encrypt%0a@]%0a%0a'''WARNING''': Special characters like $, when used in passwords, may cause issues with your mail client or with opensmtpd. To be safe, you might want to use only alphanumeric characters for your password. You can increase the length of the password for more security.%0a%0aThe last field sets how much data storage each user is allowed. The default here is 1 gigabyte.%0a%0a!!! File Permissions%0a%0aMake sure to set the proper permissions:%0a%0a[@%0a$ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a$ doas chown _smtpd:_dovecot /etc/mail/passwd%0a$ doas chmod 770 /etc/mail/dkim/%0a$ doas chmod 440 /etc/mail/passwd%0a$ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a@]%0a%0aNote that you want to keep the ownership of any files that are listed in @@/etc/mtree/special@@ the same, and the file permissions must be at least as strict as those. Otherwise the [[security(8) -> https://man.openbsd.org/security]] script run by [[daily(8) -> https://man.openbsd.org/daily]] will flag those files and mail you about them.%0a%0a!! IMAP via dovecot%0a%0aTo finish the setup, we need to install and configure dovecot.%0a%0a!! DKIM signing%0a%0aWe will need to set up DKIM]to have the mail properly signed.%0a%0a!! Troubleshooting%0a%0aOpenSMTPD may end up in an inconsistent state. This can happen due to a misconfiguration. One symptom is you see this error:%0a%0asmtpd[]: pony express: smtpd: socket: Too many open files%0a%0aTo fix this, you can delete all the temporary files inside OpenSMTPD.%0a%0a'''WARNING''': this will delete any messages in the queue:%0a%0a[@%0a$ doas rcctl stop smtpd%0a$ doas rm -r /var/spool/smtpd/queue/*%0a$ doas rm -r /var/spool/smtpd/offline/*%0a@]%0a%0aopensmtpd may be unable to connect because outgoing packets are being filtered. For example, suppose you are trying to send a letter to yahoo, but you get errors similar to following, showing a connection timeout:%0a%0a[@%0asmtpd[]: smtp-out: Enabling route [] %3c-> 67.195.204.77 (mtaproxy1.free.mail.vip.bf1.yahoo.com)%0asmtpd[]: smtp-out: Enabling route [] %3c-> 67.195.228.106 (mtaproxy2.free.mail.vip.gq1.yahoo.com)%0asmtpd[]: mta error reason=Connection timeout%0asmtpd[]: smtp-out: Disabling route [] %3c-> 104.47.55.33 (104.47.55.33) for 15s%0a@]%0a%0aAn easy way to test if your packets are being filtered is:%0a%0a[@%0a$ dig -t mx yahoo.com%0a;; ANSWER SECTION:%0ayahoo.com. 395 IN MX 1 mta6.am0.yahoodns.net.%0ayahoo.com. 395 IN MX 1 mta5.am0.yahoodns.net.%0ayahoo.com. 395 IN MX 1 mta7.am0.yahoodns.net.%0a$ nc mta5.am0.yahoodns.net 25%0a@]%0a%0aIf you get no response, then outgoing packets to port 25 are being blocked (often due to firewalls by your VPS provider to block spam). If mail is working, you should see a 220 reply:%0a%0a[@%0a$ nc mta5.am0.yahoodns.net 25%0a220 mtaproxy511.free.mail.ne1.yahoo.com ESMTP ready%0a@]%0a%0aIt is also possible that TLS is being dropped by the firewall. You can test using openssl:%0a%0a[@%0a$ openssl s_client -starttls smtp -connect mta5.am0.yahoodns.net:25%0aCONNECTED(00000003)%0adepth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA%0averify return:1%0adepth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA%0averify return:1%0adepth=0 C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.am0.yahoodns.net%0a...%0a250 STARTTLS%0a@]%0a%0aYou should see the entire SSL cert plus 250 STARTTLS reply. If you see the response hang at any point (eg, it returns CONNECTED(00000003) and nothing else), then TLS on port 25 is being filtered.%0a%0aIf you see this warning message in /var/log/maillog:%0a%0a[@%0aDec 6 03:44:17 smtpd[]: info: OpenSMTPD 6.7.0 starting %0aDec 6 03:44:17 smtpd[]: pony express: smtpd: socket: Too many open files %0aDec 6 03:44:17 smtpd[]: warn: lost child: pony express exited abnormally %0a@]%0a%0aThis is due to having too many IP addresses that opensmtpd tries to bind to. This happens when you have a rule that says @@listen on egress@@:%0a%0a[@%0alisten on egress port 25 tls pki fruit.ircnow.org mask-src filter { check_rdns check_fcrdns }%0alisten on egress port 587 tls-require pki fruit.ircnow.org auth %3cpasswd> mask-src filter { dkimsign }%0a@]%0a%0aThese two lines mean that opensmtpd will listen to '''all''' available ip addresses, including the hundreds of IPv6 addresses you may have in @@/etc/hostname.vio0@@ and @@ifconfig vio0@@. To fix this, you must specify the IP addresses you want to listen to:%0a%0a!!! Open Mail Relay%0a%0aIf all your email is being marked as spam, check @@/var/log/maillog, /var/log/dovecot.err, var/log/dovecot.info or /var/log/rspamd/rspamd.log@@ . If you see a message like the following:%0a[@%0aJan 8 11:00:29 smtpd[39035]: 83bd6b3b1669649f mta delivery evpid=a8d16cd2144222fa from=%3cspammer@example.com> to=%3cvictim@example.com> rcpt=%3c-> source="192.168.0.1" relay="10.0.0.1 (10.0.0.1)" delay=16h2s result="TempFail" stat="451 4.7.650 The mail server [192.168.0.1] has been temporarily rate limited due to IP reputation. For e-mail delivery information, see https://postmaster.example.com (S843)"%0a@]%0aThen your server is being exploited as an [[opensmtpd/openrelay|open mail relay]]! Please follow the guide to fix it.%0a%0a!! [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]]
+time=1731551299
+author:1731551299=SplinTer
+diff:1731551299:1731551245:=2c2%0a%3c you only have two configeration files one for dovecot.conf and one for smtpd.cond!%0a---%0a> you only have two configeratuib fules one for dovecot.conf and one for smtpd.cond!%0a
+host:1731551299=138.43.182.133
+author:1731551245=SplinTer
+diff:1731551245:1731550605:=1,4c1,2%0a%3c Let's set up dovecot & smtpd to allow users to read mail with IMAP & lmtp with rspamd spam filter!%0a%3c you only have two configeratuib fules one for dovecot.conf and one for smtpd.cond!%0a%3c %0a%3c %0a---%0a> Let's set up dovecot & smtpd to allow users to read mail with IMAP and POP with rspamd spam filter!%0a> %0a20,24c18,19%0a%3c dovecot, which receives mail via LMTP. other files for smtpd files for /etc/mail/aliases, %0a%3c domains file:/etc/mail/domains, passwd file:/etc/mail/passwd, users file:/etc/mail/users,%0a%3c vusers file:/etc/mail/vusers, or hosts file:/etc/mail/hosts! all these's files are located %0a%3c in /etc/mail folder is part of smtpd.conf setup!%0a%3c %0a---%0a> dovecot, which receives mail via LMTP.%0a> %0a162,165c157,159%0a%3c Make sure to check /var/log/maillog: for errors too%0a%3c Make sure to check Errors in /var/log/dovecot.err for errors too%0a%3c Make sure to check Info in /var/log/dovecot.info for errors too%0a%3c Make sure to check rspamd in /var/log/rspamd/rspamd.log for errors too%0a---%0a> Make sure to check /var/log/maillog:%0a> Make sure to check Errors in /var/log/dovecot.err%0a> Make sure to check Info in /var/log/dovecot.info%0a
+host:1731551245=138.43.182.133
+author:1731550605=SplinTer
+diff:1731550605:1731510706:=33c33%0a%3c protocols = imap lmtp%0a---%0a> protocols = imap pop3 lmtp%0a70a71,73%0a> pop3_fast_size_lookups = yes%0a> pop3_no_flag_updates = yes%0a> pop3_uidl_format = %25g%0a106,108c109,111%0a%3c This tells dovecot to listen to the protocols IMAP, and LMTP.%0a%3c '''Note''': We don't want to support pop3 or submission with dovecot.%0a%3c %0a---%0a> This tells dovecot to listen to the protocols IMAP, POP3, and LMTP.%0a> '''Note''': We don't want to support submission with dovecot.%0a> %0a112,113c115,116%0a%3c We defines our password database to use blowfish (see [[https://man.openbsd.org/blowfish|blowfish(3)]] and [[https://man.openbsd.org/encrypt|encrypt(1)]]).%0a%3c %0a---%0a> The first block defines our password database to use blowfish (see [[https://man.openbsd.org/blowfish|blowfish(3)]] and [[https://man.openbsd.org/encrypt|encrypt(1)]]).%0a> %0a189,190c192,193%0a%3c In this case, you can see the error in the logs forgot to write the real path of the cert: @@/etc/ssl/example.com.crt@@ (where example.com is replaced with my real domain).%0a%3c %0a---%0a> In this case, you can see the error is in line 12 I forgot to write the real path of the cert: @@/etc/ssl/example.com.crt@@ (where example.com is replaced with my real domain).%0a> %0a229,231c232,236%0a%3c You will want to use acme-client to request a TLS public cert and private key%0a%3c in @@/etc/acme-client.conf@@.%0a%3c %0a---%0a> You will want to use [[acme-client/configure|acme-client]] to request a TLS public cert and private key%0a> in @@/etc/ssl/@@.%0a> %0a> Next, we'll create our smtpd configuration file in @@/etc/mail/smtpd.conf@@:%0a> %0a233,304d237%0a%3c #%0a%3c # $OpenBSD: acme-client.conf,v 1.5 2023/05/10 07:34:57 tb Exp $%0a%3c #%0a%3c authority letsencrypt {%0a%3c api url "https://acme-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-privkey.pem"%0a%3c }%0a%3c %0a%3c authority letsencrypt-staging {%0a%3c api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a%3c }%0a%3c %0a%3c authority buypass {%0a%3c api url "https://api.buypass.com/acme/directory"%0a%3c account key "/etc/acme/buypass-privkey.pem"%0a%3c contact "mailto:me@example.com"%0a%3c }%0a%3c %0a%3c authority buypass-test {%0a%3c api url "https://api.test4.buypass.no/acme/directory"%0a%3c account key "/etc/acme/buypass-test-privkey.pem"%0a%3c contact "mailto:me@example.com"%0a%3c }%0a%3c %0a%3c domain example.com {%0a%3c # alternative names { }%0a%3c domain key "/etc/ssl/private/example.com.key"%0a%3c domain full chain certificate "/etc/ssl/example.com.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c domain bnc.example.com {%0a%3c # alternative names { }%0a%3c domain key "/etc/ssl/private/bnc.example.com.key"%0a%3c domain full chain certificate "/etc/ssl/bnc.example.com.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c %0a%3c domain webirc.example.com {%0a%3c # alternative names { }%0a%3c domain key "/etc/ssl/private/webirc.example.com.key"%0a%3c domain full chain certificate "/etc/ssl/webirc.example.com.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c %0a%3c domain webmail.example.com {%0a%3c # alternative names { }%0a%3c domain key "/etc/ssl/private/webmail.example.com.key"%0a%3c domain full chain certificate "/etc/ssl/webmail.example.com.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c %0a%3c domain mail.example.com {%0a%3c # alternative names { }%0a%3c domain key "/etc/ssl/private/mail.example.com.key"%0a%3c domain full chain certificate "/etc/ssl/mail.example.com.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c domain wiki.example.com {%0a%3c # alternative names { }%0a%3c domain key "/etc/ssl/private/wiki.example.com.key"%0a%3c domain full chain certificate "/etc/ssl/wiki.example.com.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c %0a%3c @]%0a%3c %0a%3c Next, we'll create our smtpd configuration file in @@/etc/mail/smtpd.conf@@:%0a%3c Below is a example smtpd.conf file below! make sure to change the host and ip%0a%3c address's to your vm's ipv4 and ipv6 address!%0a%3c %0a%3c [@%0a393,398c326,331%0a%3c define the IPv4 and IPv6 addresses used for sending and receiving mail.%0a%3c %0a%3c opensmtpd to use the public/private keys we defined earlier for @@example.com@@. We mask the sender's source (the '''from''' part of the @@Received@@ header). We also apply two filters to check for proper forward and reverse confirmed DNS entries. Finally, we indicate that the sending hostname must be example.com instead of the default server name.%0a%3c %0a%3c it requires authentication with the password file and it checks if the sender is allowed.%0a%3c %0a---%0a> Lines 2 and 3 define the IPv4 and IPv6 addresses used for sending and receiving mail.%0a> %0a> Line 4 tells opensmtpd to use the public/private keys we defined earlier for @@example.com@@. We mask the sender's source (the '''from''' part of the @@Received@@ header). We also apply two filters to check for proper forward and reverse confirmed DNS entries. Finally, we indicate that the sending hostname must be example.com instead of the default server name.%0a> %0a> Line 5 is identical to line 4 except it requires authentication with the password file and it checks if the sender is allowed.%0a> %0a403,404c336,337%0a%3c smtpd to listen to the UNIX domain socket and to DKIM sign all %0a%3c emails. tells us to listen to the loopback interface and also%0a---%0a> Line 2 tells smtpd to listen to the UNIX domain socket and to DKIM sign all %0a> emails. Line 3 tells us to listen to the loopback interface and also%0a407c340%0a%3c smtpd to listen on the IPv4 and IPv6 address on port 25, to provide%0a---%0a> Lines 4-5 tells smtpd to listen on the IPv4 and IPv6 address on port 25, to provide%0a410c343%0a%3c smtpd to listen on the IPv4 and IPv6 address on port 465, for SMTPS.%0a---%0a> Lines 6-7 tells smtpd to listen on the IPv4 and IPv6 address on port 465, for SMTPS.%0a412,413c345,347%0a%3c can be used for sending mail to other servers. We want to avoid an open mail relay.%0a%3c %0a---%0a> can be used for sending mail to other servers. We want to avoid an%0a> [[opensmtpd/openrelay|open mail relay]].%0a> %0a416c350%0a%3c we define the actions that opensmtpd can take and how to decide which%0a---%0a> Next we define the actions that opensmtpd can take and how to decide which%0a423,428c357,362%0a%3c we defines matching rule: any email headed for one of our domains should be handed over to lmtp (handed over to dovecot).%0a%3c %0a%3c we defines matching rule: any email from a local IP address or queue can relay (send) without authentication.%0a%3c %0a%3c we defines matching rule: any email from our trusted @@/etc/mail/hosts@@ file will automatically be relayed (sent) without authentication.%0a%3c %0a---%0a> we defines our first matching rule: any email headed for one of our domains should be handed over to lmtp (handed over to dovecot).%0a> %0a> we defines our second matching rule: any email from a local IP address or queue can relay (send) without authentication.%0a> %0a> we defines our third matching rule: any email from our trusted @@/etc/mail/hosts@@ file will automatically be relayed (sent) without authentication.%0a> %0a504,505c438,439%0a%3c '''NOTE''': Make sure to check the mail account linked to root often! other programs will send mails to root.%0a%3c %0a---%0a> '''NOTE''': Make sure to check the mail account linked to root often! [[https://man.openbsd.org/daily|daily(8)]] and other programs will send mails to root.%0a> %0a583,586c517,520%0a%3c !! IMAP via dovecot%0a%3c %0a%3c To finish the setup, we need to install and configure dovecot.%0a%3c %0a---%0a> !! IMAP and POP3 via dovecot%0a> %0a> To finish the setup, we need to [[dovecot/install|install and configure dovecot]].%0a> %0a589,590c523,524%0a%3c We will need to set up DKIM]to have the mail properly signed.%0a%3c %0a---%0a> We will need to set up [[DNS/DKIM|dkim]] to have the mail properly signed.%0a> %0a607,608c541,542%0a%3c opensmtpd may be unable to connect because outgoing packets are being filtered. For example, suppose you are trying to send a letter to yahoo, but you get errors similar to following, showing a connection timeout:%0a%3c %0a---%0a> At times, opensmtpd may be unable to connect because outgoing packets are being filtered. For example, suppose you are trying to send a letter to yahoo, but you get errors similar to following, showing a connection timeout:%0a> %0a669c603%0a%3c If all your email is being marked as spam, check @@/var/log/maillog, /var/log/dovecot.err, var/log/dovecot.info or /var/log/rspamd/rspamd.log@@ . If you see a message like the following:%0a---%0a> If all your email is being marked as spam, check @@/var/log/maillog, /var/log/dovecot.err or /var/log/dovecot.info@@ . If you see a message like the following:%0a
+host:1731550605=138.43.182.133
+author:1731510706=SplinTer
+diff:1731510706:1731476845:=1,2c1,2%0a%3c Let's set up dovecot & smtpd to allow users to read mail with IMAP and POP with rspamd spam filter!%0a%3c %0a---%0a> Let's set up dovecot & smtpd to allow users to read mail with IMAP and POP.%0a> %0a6c6%0a%3c $ doas pkg_add dovecot opensmtpd-extras opensmtpd-filter-dkimsign-- opensmtpd-filter-dkimsign-0.5p2 opensmtpd-filter-rspamd-0.1.8p0 opensmtpd-filter-senderscore-0.1.2%0a---%0a> $ doas pkg_add dovecot opensmtpd-extras opensmtpd-filter-dkimsign-- dovecot%0a12d11%0a%3c %0a30,31c29,30%0a%3c Here is Example /etc/dovecot/dovecot.conf to go by! change your hostname from example to your correct host and ip address's if specified!%0a%3c %0a---%0a> Here is Example /etc/dovecot/dovecot.conf to go by! change your name from example to your correct host and ip address's if specified!%0a> %0a96,97c95,102%0a%3c %0a%3c %0a---%0a> auth_mechanisms = plain%0a> auth_verbose=yes%0a> auth_debug=yes%0a> auth_debug_passwords=yes%0a> mail_debug=yes%0a> auth_verbose_passwords=sha1%0a> verbose_ssl=yes%0a> %0a115,125d119%0a%3c The first block defines our password database to use blowfish (see [[https://man.openbsd.org/blowfish|blowfish(3)]] and [[https://man.openbsd.org/encrypt|encrypt(1)]]).%0a%3c %0a%3c The second block says that the mail must be read by user ID and group ID vmail, and%0a%3c that all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a%3c %0a%3c This again indicates all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a%3c %0a%3c You will need to replace example.com with your real domain name.%0a%3c %0a%3c Please read the instructions in the dovecot README in @@/usr/local/share/doc/pkg-readmes/dovecot@@. That file explains that you must add this [[openbsd/loginconf|login class]] to /etc/login.conf:%0a%3c %0a127,130c121,129%0a%3c dovecot:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8192:\%0a%3c :tc=daemon:%0a---%0a> passdb {%0a> args = scheme=blf-crypt /etc/mail/passwd%0a> driver = passwd-file%0a> }%0a> %0a> userdb {%0a> args = uid=vmail gid=vmail home=/var/vmail/%25d/%25n%0a> driver = static%0a> }%0a133,138c132,142%0a%3c '''WARNING''': You must use tabs and not spaces. If you use spaces in /etc/login.conf, the settings will '''not''' work.%0a%3c %0a%3c '''NOTE''': Allowing more open files than suggested in the README can help if you have many IP addresses.%0a%3c %0a%3c '''WARNING''': If login.conf.db exists, you will need to rebuild it:%0a%3c %0a---%0a> The first block defines our password database to use blowfish (see [[https://man.openbsd.org/blowfish|blowfish(3)]] and [[https://man.openbsd.org/encrypt|encrypt(1)]]).%0a> %0a> The second block says that the mail must be read by user ID and group ID vmail, and%0a> that all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a> %0a> This again indicates all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a> %0a> You will need to replace example.com with your real domain.%0a> %0a> Please read the instructions in the dovecot README in @@/usr/local/share/doc/pkg-readmes/dovecot@@. That file explains that you must add this [[openbsd/loginconf|login class]] to /etc/login.conf:%0a> %0a140c144,147%0a%3c # [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf%0a---%0a> dovecot:\%0a> :openfiles-cur=4096:\%0a> :openfiles-max=8192:\%0a> :tc=daemon:%0a143,144c150,155%0a%3c But it is best to just remove /etc/login.conf.db since it is not required:%0a%3c %0a---%0a> '''WARNING''': You must use tabs and not spaces. If you use spaces in /etc/login.conf, the settings will '''not''' work.%0a> %0a> '''NOTE''': Allowing more open files than suggested in the README can help if you have many IP addresses.%0a> %0a> '''WARNING''': If login.conf.db exists, you will need to rebuild it:%0a> %0a146c157%0a%3c $ doas rm /etc/login.conf.db%0a---%0a> # [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf%0a148a160,165%0a> But it is best to just remove /etc/login.conf.db since it is not required:%0a> %0a> [@%0a> $ doas rm /etc/login.conf.db%0a> @]%0a> %0a188c205%0a%3c doveconf: Fatal: Error in configuration file /etc/dovecot/conf: ssl_cert: Can't open file /etc/ssl/dovecotcert.pem: No such file or directory%0a---%0a> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/dovecotcert.pem: No such file or directory%0a199,200c216,217%0a%3c Let's set up a mail server with dkim signing and basic rspamd checks:%0a%3c %0a---%0a> Let's set up a mail server with dkim signing and basic spam checks:%0a> %0a312,316c329,330%0a%3c The first filter will check if the sender has an rspam entry. If not, the mail%0a%3c will be labeled as junk.%0a%3c %0a%3c The fourth filter will sign any email with the DKIM private key.%0a%3c %0a---%0a> The third filter will sign any email with the DKIM private key.%0a> %0a347a362,363%0a> Lines 8-9 is similar except it's for port 587, which is the SMTP submission port.%0a> %0a353,363c369,379%0a%3c we define the action "lmtp": we pass the mail to dovecot to handle using the Local Mail Transfer Protocol (LMTP). The actual recipient will be translated using the virtuals table.%0a%3c %0a%3c we define the action "outbound": we relay (send) the email out.%0a%3c %0a%3c we defines our first matching rule: any email headed for one of our domains should be handed over to lmtp (handed over to dovecot).%0a%3c %0a%3c we defines our second matching rule: any email from a local IP address or queue can relay (send) without authentication.%0a%3c %0a%3c we defines our third matching rule: any email from our trusted @@/etc/mail/hosts@@ file will automatically be relayed (sent) without authentication.%0a%3c %0a%3c we defines our last matching rule: any email that has been properly authenticated will be relayed (sent).%0a---%0a> In line 2, we define the action "lmtp": we pass the mail to dovecot to handle using the Local Mail Transfer Protocol (LMTP). The actual recipient will be translated using the virtuals table.%0a> %0a> In line 3, we define the action "outbound": we relay (send) the email out.%0a> %0a> Line 4 defines our first matching rule: any email headed for one of our domains should be handed over to lmtp (handed over to dovecot).%0a> %0a> Line 5 defines our second matching rule: any email from a local IP address or queue can relay (send) without authentication.%0a> %0a> Line 6 defines our third matching rule: any email from our trusted @@/etc/mail/hosts@@ file will automatically be relayed (sent) without authentication.%0a> %0a> Line 7 defines our last matching rule: any email that has been properly authenticated will be relayed (sent).%0a
+host:1731510706=138.43.182.133
+author:1731476845=SplinTer
+diff:1731476845:1731470982:=1,4c1,31%0a%3c Let's set up dovecot & smtpd to allow users to read mail with IMAP and POP.%0a%3c %0a%3c !! Installation%0a%3c %0a---%0a> How to configure a small mail server%0a> %0a> Introduction%0a> Yes, another post about setting up a mail server. I know, there are plenty similar posts already out there… This one is about setting up a mail server on an Internet facing host. It will accept and send mails for a domain, store the accepted mails locally and deliver them using POP3. This is a rather lengthy post because there are quite some pieces to put together.%0a> %0a> Building blocks%0a> I use the following software to build my mail server out in the wild Internet:%0a> %0a> OpenSMTPD%0a> rspamd%0a> ClamAV%0a> Dovecot%0a> Let’s Encrypt%0a> OpenSMTPD will handle incoming and outgoing mail using SMTP. rspamd will support it in fighting incoming spam and malware (using ClamAV), and signing outgoing mail using DKIM. Dovecot stores received mail for users and delivers it using POP3. Finally acme-client(8) is used to manage the certificate from Let’s Encrypt.%0a> %0a> Basic assumptions%0a> The configuration I describe in this post is based on some assumptions about the server and its environment:%0a> %0a> Both IPv4 and IPv6 are used%0a> The server is the primary MX for the domain%0a> Both OpenSMTPD and Dovecot run on the same server%0a> Mail users must authenticate for both, POP3 and SMTP%0a> There are only a handful of mail users on this server%0a> Mail is just stored on the server until users fetch it%0a> This setup is suited for a small domain providing mail services to few users. User management is done manually and mail is stored locally. If this doesn’t fit your needs you might consider using one of the many other mail server guides out there.%0a> %0a> Before you start installing and configuring any software on your OpenBSD system I suggest that you consider using full disk encryption on it. Especially if your mail server is hosted at some provider.%0a> %0a> Preparations%0a> First you should install the required software packages:%0a> %0a6c33%0a%3c $ doas pkg_add dovecot opensmtpd-extras opensmtpd-filter-dkimsign-- dovecot%0a---%0a> $ doas pkg_add -i dovecot opensmtpd-extras rspamd opensmtpd-filter-rspamd%0a9,11c36,37%0a%3c !! Configuration%0a%3c %0a%3c A single user vmail will receive mail for all virtual users:%0a---%0a> Next you create the system user which will be used for handling mails:%0a> %0a13c39,47%0a%3c $ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a---%0a> doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a> $ doas mkdir /var/vmail%0a> $ doas chown vmail:vmail /var/vmail%0a> $ doas chmod 0750 /var/vmail%0a> $ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a> $ doas chown _smtpd:_dovecot /etc/mail/passwd%0a> $ doas chmod 770 /etc/mail/dkim/%0a> $ doas chmod 440 /etc/mail/passwd%0a> $ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a16,20c50,51%0a%3c /var/vmail will be used to store virtual users' maildir folders. It will be managed by%0a%3c dovecot, which receives mail via LMTP.%0a%3c %0a%3c In order to secure our passwords, we need to rearrange file permissions and owners:%0a%3c %0a---%0a> And you create the passwd(5) which will hold the information about the mail users on your system:%0a> %0a22,26c53,56%0a%3c $ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a%3c $ doas chown _smtpd:_dovecot /etc/mail/passwd%0a%3c $ doas chmod 770 /etc/mail/dkim/%0a%3c $ doas chmod 440 /etc/mail/passwd%0a%3c $ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a---%0a> $ smtpctl encrypt 1amApASSw0rd | sed "s/^/muser:/;s/$/::::::/" > passwd%0a> $ doas mv passwd /etc/mail/passwd%0a> $ doas chown _dovecot:_smtpd /etc/mail/passwd%0a> $ doas chmod 0440 /etc/mail/passwd%0a29,30c59,60%0a%3c Here is Example /etc/dovecot/dovecot.conf to go by! change your name from example to your correct host and ip address's if specified!%0a%3c %0a---%0a> If you want to use DKIM to sign your outgoing mail it is time to create the key for it:%0a> %0a32,36c62,96%0a%3c protocols = imap pop3 lmtp%0a%3c listen = 198.251.81.119, 2605:6400:10:5bf::, 127.0.0.1%0a%3c %0a%3c service lmtp {%0a%3c user = vmail%0a---%0a> $ doas mkdir /etc/mail/dkim%0a> $ doas openssl genrsa -out /etc/mail/dkim/example.net.key 1024%0a> $ doas openssl rsa -in /etc/mail/dkim/example.net.key -pubout \%0a> > -out /etc/mail/dkim/example.net.pub%0a> $ doas chgrp _rspamd /etc/mail/dkim/example.net.key%0a> $ doas chmod 0640 /etc/mail/dkim/example.net.key%0a> @]%0a> %0a> There are some entries required in the DNS zone of your domain. The following command will generate a text file ready to import into the zone file:%0a> %0a> [@%0a> $ echo ' MX 10 mail.example.net.' > rrs.txt%0a> $ echo ' TXT "v=spf1 mx -all"' >> rrs.txt%0a> $ echo 'mail A 192.0.2.10' >> rrs.txt%0a> $ echo ' AAAA 2001:db8::c000:020a' >> rrs.txt%0a> $ echo 'pop3 CNAME mail' >> rrs.txt%0a> $ echo '$ORIGIN _domainkey.example.net.' >> rrs.txt%0a> $ pubkey=$(sed /^-/d /etc/mail/dkim/example.net.pub | tr -d '\n')%0a> $ echo "default TXT \"v=DKIM1;k=rsa;p=${pubkey}\"" >> rrs.txt%0a> @]%0a> %0a> Certificates from Let’s Encrypt%0a> Of course you can use any certificate provider who supports the ACME protocol. I use Let’s Encrypt because they provide certificates for free, which is a huge win if you run a small site like this one.%0a> %0a> You will use httpd(8) to answer the challenges. Create a /etc/httpd.conf similar to this one:%0a> %0a> [@%0a> server "mail.example.net" {%0a> listen on egress port http%0a> alias "pop3.example.net"%0a> root "/"%0a> location "/.well-known/acme-challenge/*" {%0a> request strip 2%0a> root "/acme"%0a> }%0a39,51c99,100%0a%3c service imap-login {%0a%3c inet_listener imap {%0a%3c address = *%0a%3c port = 143%0a%3c }%0a%3c inet_listener imaps {%0a%3c address = *%0a%3c port = 993%0a%3c ssl = yes%0a%3c }%0a%3c user = _dovecot%0a%3c group = _dovecot%0a%3c executable = /usr/local/libexec/dovecot/imap-login%0a---%0a> types {%0a> include "/usr/share/misc/mime.types"%0a53,57c102,117%0a%3c %0a%3c service auth {%0a%3c user = _dovecot%0a%3c group = _dovecot%0a%3c executable = /usr/local/libexec/dovecot/auth%0a---%0a> @]%0a> %0a> Test your configuration, enable and start httpd(8):%0a> %0a> [@%0a> $ doas httpd -n%0a> $ doas rcctl enable httpd%0a> $ doas rcctl start httpd%0a> @]%0a> %0a> Now acme-client(8) needs to know what to do and with whom. Take /etc/examples/acme-client.conf, adapt it to your needs and save the result as /etc/acme-client.conf:%0a> %0a> [@%0a> authority letsencrypt {%0a> api url "https://acme-v02.api.letsencrypt.org/directory"%0a> account key "/etc/acme/letsencrypt-privkey.pem"%0a60,66c120,122%0a%3c service quota-warning {%0a%3c executable = script /usr/local/libexec/dovecot/quota-warning.sh%0a%3c unix_listener quota-warning {%0a%3c mode = 0600%0a%3c user = vmail%0a%3c group = vmail%0a%3c }%0a---%0a> authority letsencrypt-staging {%0a> api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a> account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a69,105c125,131%0a%3c quota_full_tempfail = yes%0a%3c pop3_fast_size_lookups = yes%0a%3c pop3_no_flag_updates = yes%0a%3c pop3_uidl_format = %25g%0a%3c ssl = yes%0a%3c ssl_cert = %3c/etc/ssl/mail.examplee.com.crt%0a%3c ssl_key = %3c/etc/ssl/private/mail.example.com.key%0a%3c ssl_dh=%3c/etc/dovecot/dhparam.pem%0a%3c ssl_cipher_list = ALL:!LOW:!SSLv2%0a%3c %0a%3c mail_location = maildir:/var/vmail/%25d/%25n/Maildir%0a%3c mail_uid = 1024%0a%3c mail_gid = 1024%0a%3c %0a%3c valid_chroot_dirs = /var/vmail%0a%3c log_path = /var/log/dovecot.err%0a%3c info_log_path = /var/log/dovecot.info%0a%3c log_timestamp = "%25Y-%25m-%25d %25H:%25M:%25S "%0a%3c login_greeting = Dovecot ready.%0a%3c disable_plaintext_auth = no%0a%3c auth_verbose = yes%0a%3c auth_debug = yes%0a%3c auth_debug_passwords = yes%0a%3c mail_debug = yes%0a%3c auth_verbose_passwords=sha1%0a%3c verbose_ssl=yes%0a%3c auth_mechanisms = plain%0a%3c auth_verbose=yes%0a%3c auth_debug=yes%0a%3c auth_debug_passwords=yes%0a%3c mail_debug=yes%0a%3c auth_verbose_passwords=sha1%0a%3c verbose_ssl=yes%0a%3c %0a%3c passdb {%0a%3c driver = passwd-file%0a%3c args = scheme=blf-crypt /etc/dovecot/users.txt%0a---%0a> domain mail.example.net {%0a> alternative names {%0a> pop3.example.net%0a> }%0a> domain key "/etc/ssl/private/mail.example.net.key"%0a> domain full chain certificate "/etc/ssl/mail.example.net.crt"%0a> sign with letsencrypt%0a107,111d132%0a%3c %0a%3c userdb {%0a%3c args = uid=vmail gid=vmail home=/var/vmail/%25d/%25n%0a%3c driver = static%0a%3c }%0a114,119c135,141%0a%3c This tells dovecot to listen to the protocols IMAP, POP3, and LMTP.%0a%3c '''Note''': We don't want to support submission with dovecot.%0a%3c %0a%3c It also tells dovecot the public IPs you want it to listen on. Finally, the last%0a%3c block tells dovecot to change to the username vmail to listen for LMTP.%0a%3c %0a---%0a> This config will issue a valid certificate right away. If you feel like testing in the first place, you should change the line sign with to letsencrypt-staging until you feel comfortable with the process.%0a> %0a> Before you can get your certificate you must make sure pf(4) lets the requests actually pass through to httpd(8). Add a rule similar to the following one to your pf.conf(5):%0a> %0a> pass in log on egress proto tcp from any to egress port http%0a> After adding this rule to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a> %0a121,129c143,144%0a%3c passdb {%0a%3c args = scheme=blf-crypt /etc/mail/passwd%0a%3c driver = passwd-file%0a%3c }%0a%3c %0a%3c userdb {%0a%3c args = uid=vmail gid=vmail home=/var/vmail/%25d/%25n%0a%3c driver = static%0a%3c }%0a---%0a> $ doas pfctl -nf /etc/pf.conf%0a> $ doas pfctl -f /etc/pf.conf%0a132,142c147,148%0a%3c The first block defines our password database to use blowfish (see [[https://man.openbsd.org/blowfish|blowfish(3)]] and [[https://man.openbsd.org/encrypt|encrypt(1)]]).%0a%3c %0a%3c The second block says that the mail must be read by user ID and group ID vmail, and%0a%3c that all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a%3c %0a%3c This again indicates all mail will be in the folders /var/vmail/%3cdomain>/%3cusername>.%0a%3c %0a%3c You will need to replace example.com with your real domain.%0a%3c %0a%3c Please read the instructions in the dovecot README in @@/usr/local/share/doc/pkg-readmes/dovecot@@. That file explains that you must add this [[openbsd/loginconf|login class]] to /etc/login.conf:%0a%3c %0a---%0a> Now you can get your certificate using the following command:%0a> %0a144,147c150%0a%3c dovecot:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8192:\%0a%3c :tc=daemon:%0a---%0a> $ doas acme-client mail.example.net%0a150,155c153,154%0a%3c '''WARNING''': You must use tabs and not spaces. If you use spaces in /etc/login.conf, the settings will '''not''' work.%0a%3c %0a%3c '''NOTE''': Allowing more open files than suggested in the README can help if you have many IP addresses.%0a%3c %0a%3c '''WARNING''': If login.conf.db exists, you will need to rebuild it:%0a%3c %0a---%0a> Certificates have an expiry date, like groceries. You may want to make sure your certificate gets renewed automatically before it expires. The file /etc/daily.local can take care of this for you:%0a> %0a157c156,159%0a%3c # [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf%0a---%0a> #!/bin/sh%0a> %0a> /usr/sbin/acme-client mail.example.net%0a> [[ $? -eq 0 ]] && rcctl restart smtpd dovecot%0a160,161c162,166%0a%3c But it is best to just remove /etc/login.conf.db since it is not required:%0a%3c %0a---%0a> Anti-malware shield ClamAV%0a> ClamAV will be used by rspamd to scan attachments for malware. To do so you need some configuration for ClamAV first in order to run it as a daemon and to keep the malware database up to date. Or if you run a malware scan server in your environment you can connect rspamd to it.%0a> %0a> First you configure the daemon freshclam to make sure the malware database of ClamAV stays up to date. The file /etc/freshclam.conf contains the following settings:%0a> %0a163c168,173%0a%3c $ doas rm /etc/login.conf.db%0a---%0a> LogTime yes%0a> LogSyslog yes%0a> LogFacility LOG_DAEMON%0a> DatabaseMirror db.ch.clamav.net%0a> DatabaseMirror database.clamav.net%0a> NotifyClamd /etc/clamd.conf%0a166,169c176,177%0a%3c !! Starting dovecot%0a%3c %0a%3c To start dovecot via [[openbsd/rcctl|rcctl]]:%0a%3c %0a---%0a> Enable and start freshclam now so it has time to update the signature database for ClamAV:%0a> %0a171,172c179,180%0a%3c $ doas rcctl enable dovecot%0a%3c $ doas rcctl start dovecot%0a---%0a> $ doas rcctl enable freshclam%0a> $ doas rcctl start freshclam%0a175,180c183,184%0a%3c !! Troubleshooting%0a%3c %0a%3c Make sure to check /var/log/maillog:%0a%3c Make sure to check Errors in /var/log/dovecot.err%0a%3c Make sure to check Info in /var/log/dovecot.info%0a%3c %0a---%0a> Next you configure clamd. In /etc/clamd.conf the following lines are set:%0a> %0a182c186,201%0a%3c $ openssl s_client -starttls imap -connect username.example.com:143%0a---%0a> LogTime yes%0a> LogSyslog yes%0a> LogFacility LOG_DAEMON%0a> TemporaryDirectory /tmp%0a> LocalSocket /var/clamav/clamd.sock%0a> TCPSocket 3310%0a> TCPAddr 127.0.0.1%0a> User _clamav%0a> DetectPUA yes%0a> AlertEncrypted yes%0a> AlertEncryptedArchive yes%0a> AlertEncryptedDoc yes%0a> AlertOLE2Macros yes%0a> AlertPhishingSSLMismatch yes%0a> AlertPhishingCloak yes%0a> MaxRecursion 12%0a185,186c204,205%0a%3c When starting dovecot, you may find it fails:%0a%3c %0a---%0a> You may want to study the man page of clamd.conf and consider each of the options named Alert*. Some of these may block attachments you actually don’t want to get blocked on your mail server. As soon as you are happy with your configuration it is time to enable and start clamd:%0a> %0a188c207,208%0a%3c $ doas rcctl start dovecot%0a---%0a> $ doas rcctl enable clamd%0a> $ doas rcctl start clamd%0a191,192c211,215%0a%3c When this happens, run the rc.d script with debugging turned on:%0a%3c %0a---%0a> You may get a timeout warning after the start command. Using pgrep(1) you can check if clamd is actually running or not. In most cases it will be running and you can ignore the timeout message.%0a> %0a> Santas storage bag Redis%0a> The preferred storage for rspamd data is Redis. It used to be one of those packages you could just install and start. But not anymore. First of all you will want Redis to listen to a UNIX socket on the local machine. Those come with far less overhead than TCP sockets and therefore speed up the communication between rspamd and Redis. Add the following two lines to /etc/redis/redis.conf:%0a> %0a194,202c217,218%0a%3c $ doas /etc/rc.d/dovecot -d start%0a%3c doing _rc_parse_conf%0a%3c doing _rc_quirks%0a%3c dovecot_flags empty, using default >%3c%0a%3c doing rc_check%0a%3c dovecot%0a%3c doing rc_start%0a%3c doing _rc_wait start%0a%3c doing rc_check%0a---%0a> unixsocket /var/run/redis/redis.sock%0a> unixsocketperm 770%0a205,210c221,222%0a%3c doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/dovecotcert.pem: No such file or directory%0a%3c doing _rc_rm_runfile%0a%3c (failed)%0a%3c %0a%3c In this case, you can see the error is in line 12 I forgot to write the real path of the cert: @@/etc/ssl/example.com.crt@@ (where example.com is replaced with my real domain).%0a%3c %0a---%0a> Make sure that rspamd can write to the socket. Unfortunately Redis does not support setting owner/group for the socket. So you have to make the user _rspamd a member of the group _redis:%0a> %0a212,213c224%0a%3c Jun 9 01:37:35 jrmu dovecot: auth: Error: passwd-file(jrmu@jrmu.host.oddprotocol.org,125.231.25.80,%3caiyNgk/EuHB95xlQ>): stat(/etc/mail/passwd) failed: Permission denied (euid=518(_dovecot) egid=518(_dovecot) missing +x perm: /etc/mail, we're not in group 1003(_mail), dir owned by 95:1003 mode=0750)%0a%3c Jun 9 01:37:41 jrmu dovecot: auth: Error: passwd-file(jrmu@jrmu.host.oddprotocol.org,125.231.25.80,%3caiyNgk/EuHB95xlQ>): stat(/etc/mail/passwd) failed: Permission denied (euid=518(_dovecot) egid=518(_dovecot) missing +x perm: /etc/mail, we're not in group 1003(_mail), dir owned by 95:1003 mode=0750)%0a---%0a> $ doas usermod -G _redis _rspamd%0a216,236c227,231%0a%3c Let's set up a mail server with dkim signing and basic spam checks:%0a%3c %0a%3c !! Before we begin%0a%3c %0a%3c Read the the man pages for [[https://man.openbsd.org/smtpd|opensmtpd]], [[https://man.openbsd.org/smtpd.conf|smtpd.conf]], and [[https://man.openbsd.org/smtpctl|smtpctl]]. %0a%3c %0a%3c Read the [[https://github.com/poolpOrg/OpenSMTPD-book|free OpenSMTPd book]] by the%0a%3c author of OpenSMTPd%0a%3c %0a%3c !! DNS%0a%3c %0a%3c Running a mail server requires proper DNS records. If you have not already, you will%0a%3c want to read up on [[dns/overview|DNS]] and [[nsd/configure|set up your name server]].%0a%3c %0a%3c You will need to [[DNS/Mail|add proper DNS records]] to your domain and make sure they work.%0a%3c %0a%3c !! Install%0a%3c %0a%3c Opensmtpd is part of OpenBSD base, but we will also want to install some%0a%3c opensmtpd-related packages and dovecot:%0a%3c %0a---%0a> If the logs of rspamd show messages containing:%0a> %0a> ERR max number of clients reached%0a> it is necessary to increase the number of allowed clients in Redis. By default this is set to 96. You can increase the value by tweaking the setting maxclients in /etc/redis/redis.conf:%0a> %0a238c233%0a%3c $ doas pkg_add opensmtpd-extras opensmtpd-filter-dkimsign-- dovecot-2.3.21.1v0 rspamd-3.9.1%0a---%0a> maxclients 128%0a241,253c236,242%0a%3c If prompted to choose a version for dovecot, choose the one without gssapi [[https://doc.dovecot.org/3.0/configuration_manual/authentication/gssapi/|gssapi]]. %0a%3c %0a%3c Make sure to read the dkimsign filter README at @@/usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign@@.%0a%3c %0a%3c !! Configuration%0a%3c %0a%3c !!! TLS%0a%3c %0a%3c You will want to use [[acme-client/configure|acme-client]] to request a TLS public cert and private key%0a%3c in @@/etc/ssl/@@.%0a%3c %0a%3c Next, we'll create our smtpd configuration file in @@/etc/mail/smtpd.conf@@:%0a%3c %0a---%0a> You might need to use even higher number, depending on what modules of rspamd you actually use with Redis.%0a> %0a> Santas little helper rspamd%0a> rspamd will cover all the extra needs we have today when running a mail server out in the wild. It provides a highly customizable and trainable spam filter, malware filter, greylisting and DKIM signing.%0a> %0a> While most modules work out of the box the DKIM signing needs configuration in order to find the key it should use to sign mails. Create the /etc/rspamd/local.d/dkim_signing.conf containing this:%0a> %0a255,298c244,252%0a%3c # PKI for TLS%0a%3c pki mail.example.com cert "/etc/ssl/mail.example.com.crt" # path to SSL certificate%0a%3c pki mail.example.com key "/etc/ssl/private/mail.example.com.key" # path to private key%0a%3c %0a%3c # tables setup%0a%3c table aliases file:/etc/mail/aliases%0a%3c table domains file:/etc/mail/domains%0a%3c table passwd file:/etc/mail/passwd%0a%3c table users file:/etc/mail/users%0a%3c table vusers file:/etc/mail/vusers%0a%3c table hosts file:/etc/mail/hosts%0a%3c %0a%3c # Blocks junk mail%0a%3c filter rspamd proc-exec "filter-rspamd"%0a%3c filter check_rdns phase connect match !rdns junk%0a%3c filter check_fcrdns phase connect match !fcrdns junk%0a%3c filter "dkimsign" proc-exec "filter-dkimsign -d example.com -s mail -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign%0a%3c %0a%3c # macros%0a%3c ipv4 = "publicipv4"%0a%3c ipv6 = "publicipv6"%0a%3c check = "pki mail.example.com filter { check_rdns check_fcrdns rspamd } hostname example.com"%0a%3c authcheck = "pki mail.example.com auth %3cpasswd> mask-src senders %3cusers> filter { check_rdns check_fcrdns dkimsign rspamd } hostname example.com"%0a%3c %0a%3c # listeners%0a%3c listen on socket filter { dkimsign rspamd }%0a%3c listen on lo0 filter { dkimsign rspamd }%0a%3c # listen on socket filter "dkimsign"%0a%3c # listen on lo0 filter "dkimsign"%0a%3c listen on $ipv4 port 25 tls $check%0a%3c listen on $ipv6 port 25 tls $check %0a%3c listen on $ipv4 port 465 tls-require $authcheck %0a%3c listen on $ipv6 port 465 tls-require $authcheck %0a%3c listen on $ipv4 port 587 tls-require $authcheck %0a%3c listen on $ipv6 port 587 tls-require $authcheck%0a%3c %0a%3c # rules%0a%3c action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvusers>%0a%3c action "outbound" relay src $ipv4%0a%3c %0a%3c match from any for domain %3cdomains> action "lmtp"%0a%3c match from src %3chosts> for any action "outbound"%0a%3c match from local for any action "outbound"%0a%3c match auth from any for any action "outbound" %0a---%0a> allow_username_mismatch = true;%0a> sign_networks = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a> %0a> domain {%0a> example.net {%0a> path = "/etc/mail/dkim/example.net.key";%0a> selector = "default";%0a> }%0a> }%0a301,384c255,258%0a%3c The domains table contains a list of domains that our mail server should%0a%3c receive mail on. domains file:/etc/mail/domains%0a%3c %0a%3c '''Note''': Do not add domains that your mail server does not directly serve%0a%3c (for example, do not add domains you intend to forward mail to). If you add%0a%3c them by mistake, the mail server will not forward the mail properly.%0a%3c %0a%3c The passwd table contains a colon-separated list of username/password/disk quota%0a%3c entries. passwd file for smptpd /etc/mail/passwd%0a%3c %0a%3c The vusers file shows which virtual user should handle whose mail. They are written as @@key: value@@ pairs.%0a%3c See [[https://man.openbsd.org/aliases|aliases(5)]] for more information. vusers file:/etc/mail/vusers%0a%3c %0a%3c The hosts file contains a list of trusted sending hosts. hosts file:/etc/mail/hosts%0a%3c %0a%3c The users file contains a list of valid sending users. users file:/etc/mail/users%0a%3c %0a%3c All of these tables will be explained further in the following sections.%0a%3c %0a%3c !!! Dealing with Spam%0a%3c %0a%3c %0a%3c The first filter will check if the sender has an rdns entry. If not, the mail%0a%3c will be labeled as junk.%0a%3c %0a%3c The second filter will check if the sender's forward and reverse dns entry match. If%0a%3c not, the mail will be labeled as junk.%0a%3c %0a%3c The third filter will sign any email with the DKIM private key.%0a%3c %0a%3c # -d specifies the domain name to sign for; you must replace example.com with your real domain.%0a%3c # -s specifies the selector (in this case mail).%0a%3c # -k specifies the path of the private key.%0a%3c # user and group both specify _dkimsign, the user and group that does the signing%0a%3c %0a%3c !!! Macros%0a%3c %0a%3c A macro defines a variable that will be replaced with a block of text:%0a%3c %0a%3c Lines 2 and 3 define the IPv4 and IPv6 addresses used for sending and receiving mail.%0a%3c %0a%3c Line 4 tells opensmtpd to use the public/private keys we defined earlier for @@example.com@@. We mask the sender's source (the '''from''' part of the @@Received@@ header). We also apply two filters to check for proper forward and reverse confirmed DNS entries. Finally, we indicate that the sending hostname must be example.com instead of the default server name.%0a%3c %0a%3c Line 5 is identical to line 4 except it requires authentication with the password file and it checks if the sender is allowed.%0a%3c %0a%3c !!! Listeners%0a%3c %0a%3c The listeners tell us what network interfaces, IP addresses, and ports to listen on.%0a%3c %0a%3c Line 2 tells smtpd to listen to the UNIX domain socket and to DKIM sign all %0a%3c emails. Line 3 tells us to listen to the loopback interface and also%0a%3c sign all emails.%0a%3c %0a%3c Lines 4-5 tells smtpd to listen on the IPv4 and IPv6 address on port 25, to provide%0a%3c TLS if supported but to offer plaintext as a fallback. Only basic checking is done.%0a%3c %0a%3c Lines 6-7 tells smtpd to listen on the IPv4 and IPv6 address on port 465, for SMTPS.%0a%3c TLS encryption is required and authentication checking is forced because this socket%0a%3c can be used for sending mail to other servers. We want to avoid an%0a%3c [[opensmtpd/openrelay|open mail relay]].%0a%3c %0a%3c Lines 8-9 is similar except it's for port 587, which is the SMTP submission port.%0a%3c %0a%3c !!! Rules%0a%3c %0a%3c Next we define the actions that opensmtpd can take and how to decide which%0a%3c action to follow:%0a%3c %0a%3c In line 2, we define the action "lmtp": we pass the mail to dovecot to handle using the Local Mail Transfer Protocol (LMTP). The actual recipient will be translated using the virtuals table.%0a%3c %0a%3c In line 3, we define the action "outbound": we relay (send) the email out.%0a%3c %0a%3c Line 4 defines our first matching rule: any email headed for one of our domains should be handed over to lmtp (handed over to dovecot).%0a%3c %0a%3c Line 5 defines our second matching rule: any email from a local IP address or queue can relay (send) without authentication.%0a%3c %0a%3c Line 6 defines our third matching rule: any email from our trusted @@/etc/mail/hosts@@ file will automatically be relayed (sent) without authentication.%0a%3c %0a%3c Line 7 defines our last matching rule: any email that has been properly authenticated will be relayed (sent).%0a%3c %0a%3c !!! Complete configuration file%0a%3c %0a%3c Here is the entire configuration file in @@/etc/mail/smtpd.conf@@:%0a%3c %0a---%0a> The line sign_networks is only needed if you have other servers in the same domain that will use this MX as relay.%0a> %0a> Furthermore you have to tell rspamd under which circumstances it should perform DKIM signing only. The common cases for this are mails from authenticated users and mails from other systems in the same domain. In /etc/rspamd/local.d/settings.conf add the following two blocks:%0a> %0a386,429c260,276%0a%3c # PKI for TLS%0a%3c pki mail.example.com cert "/etc/ssl/mail.example.com.crt" # path to SSL certificate%0a%3c pki mail.example.com key "/etc/ssl/private/mail.example.com.key" # path to private key%0a%3c %0a%3c # tables setup%0a%3c table aliases file:/etc/mail/aliases%0a%3c table domains file:/etc/mail/domains%0a%3c table passwd file:/etc/mail/passwd%0a%3c table users file:/etc/mail/users%0a%3c table vusers file:/etc/mail/vusers%0a%3c table hosts file:/etc/mail/hosts%0a%3c %0a%3c # Blocks junk mail%0a%3c filter rspamd proc-exec "filter-rspamd"%0a%3c filter check_rdns phase connect match !rdns junk%0a%3c filter check_fcrdns phase connect match !fcrdns junk%0a%3c filter "dkimsign" proc-exec "filter-dkimsign -d example.com -s mail -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign%0a%3c %0a%3c # macros%0a%3c ipv4 = "publicipv4"%0a%3c ipv6 = "publicipv6"%0a%3c check = "pki mail.example.com filter { check_rdns check_fcrdns rspamd } hostname example.com"%0a%3c authcheck = "pki mail.example.com auth %3cpasswd> mask-src senders %3cusers> filter { check_rdns check_fcrdns dkimsign rspamd } hostname example.com"%0a%3c %0a%3c # listeners%0a%3c listen on socket filter { dkimsign rspamd }%0a%3c listen on lo0 filter { dkimsign rspamd }%0a%3c # listen on socket filter "dkimsign"%0a%3c # listen on lo0 filter "dkimsign"%0a%3c listen on $ipv4 port 25 tls $check%0a%3c listen on $ipv6 port 25 tls $check %0a%3c listen on $ipv4 port 465 tls-require $authcheck %0a%3c listen on $ipv6 port 465 tls-require $authcheck %0a%3c listen on $ipv4 port 587 tls-require $authcheck %0a%3c listen on $ipv6 port 587 tls-require $authcheck%0a%3c %0a%3c # rules%0a%3c action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvusers>%0a%3c action "outbound" relay src $ipv4%0a%3c %0a%3c match from any for domain %3cdomains> action "lmtp"%0a%3c match from src %3chosts> for any action "outbound"%0a%3c match from local for any action "outbound"%0a%3c match auth from any for any action "outbound"%0a---%0a> sign_auth {%0a> id = "sign_auth";%0a> authenticated = true;%0a> apply {%0a> symbols_enabled = ["DKIM_SIGNED"];%0a> flags = ["skip_process"];%0a> }%0a> }%0a> %0a> sign_only {%0a> id = "sign_only";%0a> ip = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a> apply {%0a> symbols_enabled = ["DKIM_SIGNED"];%0a> flags = ["skip_process"];%0a> }%0a> }%0a432,435c279,280%0a%3c !! Configuring Virtual Users%0a%3c %0a%3c A single user vmail will receive mail for all virtual users:%0a%3c %0a---%0a> In case you use ClamAV for malware scanning this module of rspamd needs some configuration too. Create the file /etc/rspamd/local.d/antivirus.conf with the following content:%0a> %0a437c282,292%0a%3c $ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a---%0a> clamav {%0a> action = "reject";%0a> message = '${SCANNER}: virus found: "${VIRUS}"';%0a> scan_mime_parts = true;%0a> scan_image_mime = false;%0a> symbol = "CLAM_VIRUS";%0a> type = "clamav";%0a> prefix = "rs_cl_";%0a> servers = "/var/clamav/clamd.sock";%0a> whitelist = "${DBDIR}/wl_antivirus.map.local";%0a> }%0a440,445c295,298%0a%3c /var/vmail will be used to store virtual users' maildir folders. It will be managed by dovecot, which receives mail via LMTP.%0a%3c %0a%3c !! Adding users%0a%3c %0a%3c Create a new file @@/etc/mail/vusers@@ and add these lines:%0a%3c %0a---%0a> These settings are very strict by rejecting every mail that scans positive for malware. Depending on your needs you may want to reconsider this and add a high score to the mail instead. This gives you the chance to put into quarantine instead of blocking it completely.%0a> %0a> If rspamd keeps misclassifying mails from particular domains you may want to improve the score of those mails by whitelisting these. Create the file /etc/rspamd/local.d/multimap.conf:%0a> %0a447,449c300,305%0a%3c root admin@example.com%0a%3c admin@example.com vmail%0a%3c username@example.com vmail%0a---%0a> WHITELIST_SENDER_DOMAIN {%0a> type = "from";%0a> filter = "email:domain";%0a> map = "${DBDIR}/wl_sender_domain.map.local";%0a> score = -5.0;%0a> }%0a452,461c308,309%0a%3c Now, any mail sent to root will get forwarded to admin@example.com.%0a%3c %0a%3c '''NOTE''': Make sure to check the mail account linked to root often! [[https://man.openbsd.org/daily|daily(8)]] and other programs will send mails to root.%0a%3c %0a%3c You can optionally add one line for each user to provide aliases.%0a%3c %0a%3c For each new user account, you will want to create a new line.%0a%3c %0a%3c You'll also need to create one line for each user in @@/etc/mail/users@@:%0a%3c %0a---%0a> Some of the modules of rspamd work best using Redis as storage. To make sure all these modules use your local Redis instance create a file /etc/rspamd/local.d/redis.conf containing the following line:%0a> %0a463,464c311%0a%3c admin@example.com: admin@example.com%0a%3c username@example.com: username@example.com%0a---%0a> servers = "/var/run/redis/redis.sock";%0a467,468c314,317%0a%3c A whitelist of known good senders goes into @@/etc/mail/hosts@@:%0a%3c %0a---%0a> In case you have not enabled the UNIX domain socket for Redis you can replace the path by localhost so it will use the TCP connection instead.%0a> %0a> In case you want to redirect the logging of rspamd from /var/log/rspamd/rspamd.log to the general /var/log/maillog you need to create the file /etc/rspamd/local.d/logging.inc with the following content:%0a> %0a470,471c319,321%0a%3c 192.168.1.1%0a%3c 2001:db8::%0a---%0a> type = "syslog";%0a> facility = "mail";%0a> level = "notice";%0a474,478c324,325%0a%3c Replace IP addresses 192.168.1.1 and 2001:db8:: with your server's real IP addresses.%0a%3c %0a%3c In @@/etc/mail/mailname@@, put in the name you want to use for your mail server. This%0a%3c is very important for passing anti-spam checks:%0a%3c %0a---%0a> It is time to enable and start rspamd and its memory storage Redis:%0a> %0a480c327,328%0a%3c example.com%0a---%0a> $ doas rcctl enable redis rspamd%0a> $ doas rcctl start redis rspamd%0a483,484c331,333%0a%3c The list of domains this mail server can receive emails for will go inside @@/etc/mail/domains@@:%0a%3c %0a---%0a> Dovecot as POP3 server%0a> First, follow the pkg-readme of Dovecot and create an own login class for it in /etc/login.conf:%0a> %0a486,487c335,338%0a%3c example.com%0a%3c mail.example.com%0a---%0a> dovecot:\%0a> :openfiles-cur=1024:\%0a> :openfiles-max=2048:\%0a> :tc=daemon:%0a490,491c341,342%0a%3c In @@/etc/mail/passwd@@, we have a list of colon-separated user credentials:%0a%3c %0a---%0a> I recommend to you to put the actual configuration of Dovecot into /etc/dovecot/local.conf and leave all the other config files alone (with one exception further down). This way updates won’t destroy your configuration. For a POP3-only configuration the file should look similar to this one:%0a> %0a493,494c344,393%0a%3c admin@example.com:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G%0a%3c username@example.com:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G%0a---%0a> hostname = mail.example.net%0a> listen = 192.0.2.10, 2001:db8::c000:020a%0a> login_greeting = "%25s.example.net ready"%0a> mail_home = /home/vmail/%25d/%25n%0a> mail_location = mbox:~/mbox%0a> pop3_fast_size_lookups = yes%0a> pop3_no_flag_updates = yes%0a> pop3_uidl_format = %25g%0a> protocols = lmtp pop3%0a> ssl = yes%0a> ssl_cert = %3c/etc/ssl/mail.example.net.fullchain.pem%0a> ssl_key = %3c/etc/ssl/private/mail.example.net.key%0a> ssl_dh = %3c/etc/ssl/dh4096.pem%0a> ssl_min_protocol = TLSv1.2%0a> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH%0a> ssl_prefer_server_ciphers = yes%0a> %0a> passdb {%0a> driver = passwd-file%0a> args = scheme=blf-crypt /etc/mail/passwd%0a> }%0a> %0a> service auth {%0a> unix_listener auth-userdb {%0a> mode = 0600%0a> user = vmail%0a> }%0a> }%0a> %0a> service lmtp {%0a> user = vmail%0a> }%0a> %0a> service pop3-login {%0a> inet_listener pop3 {%0a> address = 127.0.0.1, ::1%0a> }%0a> }%0a> %0a> service stats {%0a> unix_listener stats-writer {%0a> user = vmail%0a> group = _dovecot%0a> }%0a> }%0a> %0a> userdb {%0a> driver = static%0a> args = uid=vmail gid=vmail home=/home/vmail/%25d/%25n%0a> }%0a497,502c396,399%0a%3c Each field is separated with a colon.%0a%3c %0a%3c The first field tells you the username. Note that usernames include a domain -- this is because you might host mail for multiple domains. So, when logging in to the mail server, your mail client must be of the format username@example.com.%0a%3c %0a%3c The second field is the password hash. To generate a hash, you can run encrypt:%0a%3c %0a---%0a> The configuration makes POP3 available on the public IP addresses using TCP port 995 which requires an encrypted connection right from the start. This makes it hard for users to send clear text passwords over an clear text connection. For debugging purposes there is a clear text connection available on localhost TCP port 110.%0a> %0a> Due to a bug in the config parser of Dovecot you must comment out two lines in /etc/dovecot/conf.d/10-ssl.conf or the loading of the certificate and key files will fail:%0a> %0a504c401%0a%3c $ encrypt specificpassword%0a---%0a> $ doas sed -i "/^ssl_[cert|key]/s/^/#/" /etc/dovecot/conf.d/10-ssl.conf%0a507,510c404,405%0a%3c Type your password, then press @@enter@@. Type @@ctrl+d@@ to quit.%0a%3c %0a%3c @@smtpctl encrypt@@ also does the same thing:%0a%3c %0a---%0a> Check your configuration so far by testing the login for mail users with the following commands:%0a> %0a512c407,408%0a%3c $ smtpctl encrypt%0a---%0a> $ doas doveadm user muser@example.net%0a> $ doas doveadm auth login muser@example.net%0a515,522c411,417%0a%3c '''WARNING''': Special characters like $, when used in passwords, may cause issues with your mail client or with opensmtpd. To be safe, you might want to use only alphanumeric characters for your password. You can increase the length of the password for more security.%0a%3c %0a%3c The last field sets how much data storage each user is allowed. The default here is 1 gigabyte.%0a%3c %0a%3c !!! File Permissions%0a%3c %0a%3c Make sure to set the proper permissions:%0a%3c %0a---%0a> The first command should give you information about the account muser while the second one should check if the password you’ve set for muser is correct.%0a> %0a> Beside POP3 Dovecot also listens for LMTP connections on the local UNIX socket /var/dovecot/lmtp. OpenSMTPD will use this socket to hand over received mails to Dovecot.%0a> %0a> OpenSMTPD as mail transport agent%0a> Your server probably got another hostname, so make sure OpenSMTPD always identifies with the right name:%0a> %0a524,528c419%0a%3c $ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a%3c $ doas chown _smtpd:_dovecot /etc/mail/passwd%0a%3c $ doas chmod 770 /etc/mail/dkim/%0a%3c $ doas chmod 440 /etc/mail/passwd%0a%3c $ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a---%0a> # echo "mail.example.net" > /etc/mail/mailname%0a531,550c422,423%0a%3c Note that you want to keep the ownership of any files that are listed in @@/etc/mtree/special@@ the same, and the file permissions must be at least as strict as those. Otherwise the [[security(8) -> https://man.openbsd.org/security]] script run by [[daily(8) -> https://man.openbsd.org/daily]] will flag those files and mail you about them.%0a%3c %0a%3c !! IMAP and POP3 via dovecot%0a%3c %0a%3c To finish the setup, we need to [[dovecot/install|install and configure dovecot]].%0a%3c %0a%3c !! DKIM signing%0a%3c %0a%3c We will need to set up [[DNS/DKIM|dkim]] to have the mail properly signed.%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c OpenSMTPD may end up in an inconsistent state. This can happen due to a misconfiguration. One symptom is you see this error:%0a%3c %0a%3c smtpd[]: pony express: smtpd: socket: Too many open files%0a%3c %0a%3c To fix this, you can delete all the temporary files inside OpenSMTPD.%0a%3c %0a%3c '''WARNING''': this will delete any messages in the queue:%0a%3c %0a---%0a> Next, you want to make sure that OpenSMTPD knows about the valid recipient addresses on the system and which of the default addresses get redirected to whom. You define such a table(5) in /etc/mail/virtuals:%0a> %0a552,554c425,428%0a%3c $ doas rcctl stop smtpd%0a%3c $ doas rm -r /var/spool/smtpd/queue/*%0a%3c $ doas rm -r /var/spool/smtpd/offline/*%0a---%0a> abuse@example.net: muser@example.net%0a> hostmaster@example.net: muser@example.net%0a> postmaster@example.net: muser@example.net%0a> muser@example.net: vmail%0a557,558c431,434%0a%3c At times, opensmtpd may be unable to connect because outgoing packets are being filtered. For example, suppose you are trying to send a letter to yahoo, but you get errors similar to following, showing a connection timeout:%0a%3c %0a---%0a> Each valid mailbox on the left side either gets redirected to another valid mailbox defined in this file or to the system user that handles mails for us. Every recipient address that points to the system user will get it’s own mailbox.%0a> %0a> There is another table called trusted. You can put IP addresses in it of hosts that you trust although both DNS checks fail for these. For the below example configuration to work you need to create the file at least:%0a> %0a560,563c436%0a%3c smtpd[]: smtp-out: Enabling route [] %3c-> 67.195.204.77 (mtaproxy1.free.mail.vip.bf1.yahoo.com)%0a%3c smtpd[]: smtp-out: Enabling route [] %3c-> 67.195.228.106 (mtaproxy2.free.mail.vip.gq1.yahoo.com)%0a%3c smtpd[]: mta error reason=Connection timeout%0a%3c smtpd[]: smtp-out: Disabling route [] %3c-> 104.47.55.33 (104.47.55.33) for 15s%0a---%0a> $ doas touch /etc/mail/trusted%0a566,567c439,440%0a%3c An easy way to test if your packets are being filtered is:%0a%3c %0a---%0a> If you want to redirect local mails into one of the mailboxes of the domain you should add a line similar to the following one to /etc/mail/aliases:%0a> %0a569,574c442%0a%3c $ dig -t mx yahoo.com%0a%3c ;; ANSWER SECTION:%0a%3c yahoo.com. 395 IN MX 1 mta6.am0.yahoodns.net.%0a%3c yahoo.com. 395 IN MX 1 mta5.am0.yahoodns.net.%0a%3c yahoo.com. 395 IN MX 1 mta7.am0.yahoodns.net.%0a%3c $ nc mta5.am0.yahoodns.net 25%0a---%0a> user: muser@example.net%0a577,578c445,446%0a%3c If you get no response, then outgoing packets to port 25 are being blocked (often due to firewalls by your VPS provider to block spam). If mail is working, you should see a 220 reply:%0a%3c %0a---%0a> Up next is the actual configuration of OpenSMTPD. I suggest you start out with a fresh /etc/mail/smtpd.conf - either put away the original or clear it first.%0a> %0a580,581c448,482%0a%3c $ nc mta5.am0.yahoodns.net 25%0a%3c 220 mtaproxy511.free.mail.ne1.yahoo.com ESMTP ready%0a---%0a> name="mail.example.net"%0a> %0a> table aliases file:/etc/mail/aliases%0a> table passwd passwd:/etc/mail/passwd%0a> table trusted file:/etc/mail/trusted%0a> table virtuals file:/etc/mail/virtuals%0a> %0a> smtp ciphers "TLSv1.3:TLSv1.2:!NULL"%0a> smtp max-message-size "10M"%0a> %0a> pki $name cert "/etc/ssl/mail.example.net.crt"%0a> pki $name key "/etc/ssl/private/mail.example.net.key"%0a> %0a> filter trusted phase connect match src %3ctrusted> bypass%0a> filter no_rdns phase connect match !rdns disconnect \%0a> "550 rDNS is required around here"%0a> filter no_fcrdns phase connect match !fcrdns disconnect \%0a> "550 FCrDNS is required around here"%0a> filter rspamd proc-exec "filter-rspamd"%0a> filter checks chain { trusted, no_rdns, no_fcrdns, rspamd }%0a> %0a> listen on lo0%0a> listen on $name tls pki $name filter checks%0a> listen on $name smtps pki $name filter checks%0a> listen on $name port submission tls-require pki $name \%0a> auth %3cpasswd> filter rspamd%0a> %0a> action "local" mbox alias %3caliases>%0a> action "deliver" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvirtuals>%0a> action "outbound" relay%0a> %0a> match from local for local action "local"%0a> match from any for domain "example.net" action "deliver"%0a> match from local for any action "outbound"%0a> match auth from any for any action "outbound"%0a584,585c485,486%0a%3c It is also possible that TLS is being dropped by the firewall. You can test using openssl:%0a%3c %0a---%0a> Check your configuration and restart smtpd(8):%0a> %0a587,595c488,489%0a%3c $ openssl s_client -starttls smtp -connect mta5.am0.yahoodns.net:25%0a%3c CONNECTED(00000003)%0a%3c depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA%0a%3c verify return:1%0a%3c depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA%0a%3c verify return:1%0a%3c depth=0 C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.am0.yahoodns.net%0a%3c ...%0a%3c 250 STARTTLS%0a---%0a> $ doas smtpd -n%0a> $ doas rcctl restart smtpd%0a598,601c492,494%0a%3c You should see the entire SSL cert plus 250 STARTTLS reply. If you see the response hang at any point (eg, it returns CONNECTED(00000003) and nothing else), then TLS on port 25 is being filtered.%0a%3c %0a%3c If you see this warning message in /var/log/maillog:%0a%3c %0a---%0a> Firewall rules to go live%0a> So far pf(4) is blocking access to the ports of the daemons you have configured and started. If you are confident that your setup is OK it is time to go live with the services. Add the following rules to /etc/pf.conf:%0a> %0a603,605c496,503%0a%3c Dec 6 03:44:17 smtpd[]: info: OpenSMTPD 6.7.0 starting %0a%3c Dec 6 03:44:17 smtpd[]: pony express: smtpd: socket: Too many open files %0a%3c Dec 6 03:44:17 smtpd[]: warn: lost child: pony express exited abnormally %0a---%0a> mail="{ smtp smtps submission pop3s }"%0a> %0a> table %3cbruteforce> persist file "/etc/pf.bruteforce"%0a> %0a> block drop in log quick on egress from %3cbruteforce> to any%0a> %0a> pass in log on egress proto tcp from any to egress port $mail \%0a> (max-src-conn 5, max-src-conn-rate 1/1, overload %3cbruteforce> flush)%0a608,609c506,509%0a%3c This is due to having too many IP addresses that opensmtpd tries to bind to. This happens when you have a rule that says @@listen on egress@@:%0a%3c %0a---%0a> These rules allow traffic to pass to the TCP ports you have configured for OpenSMTPD and Dovecot. Packets from misbehaving clients get dropped silently. Misbehaving is defined as opening more than five connections from the same source IP or opening connections faster that one per second.%0a> %0a> After adding these rules to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a> %0a611,612c511,512%0a%3c listen on egress port 25 tls pki fruit.ircnow.org mask-src filter { check_rdns check_fcrdns }%0a%3c listen on egress port 587 tls-require pki fruit.ircnow.org auth %3cpasswd> mask-src filter { dkimsign }%0a---%0a> $ doas pfctl -nf /etc/pf.conf%0a> $ doas pfctl -f /etc/pf.conf%0a615,619c515,523%0a%3c These two lines mean that opensmtpd will listen to '''all''' available ip addresses, including the hundreds of IPv6 addresses you may have in @@/etc/hostname.vio0@@ and @@ifconfig vio0@@. To fix this, you must specify the IP addresses you want to listen to:%0a%3c %0a%3c !!! Open Mail Relay%0a%3c %0a%3c If all your email is being marked as spam, check @@/var/log/maillog, /var/log/dovecot.err or /var/log/dovecot.info@@ . If you see a message like the following:%0a---%0a> Catching the slow brute force attackers%0a> If you open one or more ports that require authentication - like 587/tcp (submission) above - you will face brute force attacks sooner or later. Limiting the allowed connections and rates in the pf(4) rule does block common brute force attackers effectively.%0a> %0a> But there is this other kind of attackers. Those who try to fly under the radar by only connecting once every minute or so. Although this does not match the definition of a brute force attack, these connections tend to fill the logs. And by guessing common combinations of user name and password they might actually land a lucky punch.%0a> %0a> One way to deal with the problem could be to extend the script addbrute.sh with the following lines:%0a> %0a> # Catch authentication failures from OpenSMTPD%0a> %0a621c525,527%0a%3c Jan 8 11:00:29 smtpd[39035]: 83bd6b3b1669649f mta delivery evpid=a8d16cd2144222fa from=%3cspammer@example.com> to=%3cvictim@example.com> rcpt=%3c-> source="192.168.0.1" relay="10.0.0.1 (10.0.0.1)" delay=16h2s result="TempFail" stat="451 4.7.650 The mail server [192.168.0.1] has been temporarily rate limited due to IP reputation. For e-mail delivery information, see https://postmaster.example.com (S843)"%0a---%0a> for id in $(grep failed-command.*AUTH ${logf}) ; do%0a> grep ${id}.*address= ${logf} | sed "s/.*address=//;s/ .*//"%0a> done >> ${dump}%0a623,625c529,573%0a%3c Then your server is being exploited as an [[opensmtpd/openrelay|open mail relay]]! Please follow the guide to fix it.%0a%3c %0a%3c !! [[opensmtpd/troubleshoot|Troubleshooting OpenSMTPd]]%0a\ No newline at end of file%0a---%0a> %0a> # Catch shady connections to POP3%0a> %0a> [@%0a> grep pop3-login.*no auth attempts" ${logf} | sed "s/.*rip=//;s/, .*//" >> ${dump}%0a> @]%0a> %0a> Beware that this script must be run as root and that it might affect your legitimate users as well as any attackers. The script doesn’t have any restrictions about the age of the log entries. This makes it hard to remove false positives from the table without having them readded during the next run of the script.%0a> %0a> [@%0a> Teaching rspamd some lessons%0a> @]%0a> %0a> No matter how good a spam detection system is, you will have both false positives (messages that are actually not spam) and false negatives (spam messages that are not detected as such). Lucky for you rspamd comes with a web interface to monitor and tune it. By default this web interface is accessible without any kind of authentication. Therefore it is only listening on localhost. The easiest way to access it is using port forwarding of ssh(1). Adding a line like this to ~/.ssh/config should do the trick:%0a> %0a> [@%0a> Host mail.example.net%0a> LocalForward 11334 127.0.0.1:11334%0a> Whenever you are logged in to mail.example.net using ssh(1) you can access the rspamd web interface in your browser with this link: http://localhost:11334/%0a> @]%0a> %0a> Adding and removing mailboxes%0a> Adding an additional mailbox to the server is as easy as using the following three commands:%0a> %0a> [@%0a> # echo "nuser@example.net:$(smtpctl encrypt Password)::::::" >> /etc/mail/passwd%0a> # echo "nuser@example.net: vmail" >> /etc/mail/virtuals%0a> # smtpctl update table virtuals%0a> @]%0a> %0a> Dovecot will take care of creating the required files and folders to store the mails as soon as the first mail arrives to the new mailbox.%0a> %0a> Disabling a no longer needed mailbox is equally simple:%0a> %0a> [@%0a> # sed -i /nuser@example\.net/d /etc/mail/passwd%0a> # sed -i /nuser@example\.net/d /etc/mail/virtuals%0a> # smtpctl update table virtuals%0a> @]%0a> %0a> If you want to remove the mailbox completely including any mails left in it you can issue this command after disabling the mailbox:%0a> %0a> [@%0a> # rm -rf /home/vmail/example.net/nuser%0a> @]%0a\ No newline at end of file%0a
+host:1731476845=138.43.182.133
+author:1731470982=SplinTer
+diff:1731470982:1731470982:=1,573d0%0a%3c How to configure a small mail server%0a%3c %0a%3c Introduction%0a%3c Yes, another post about setting up a mail server. I know, there are plenty similar posts already out there… This one is about setting up a mail server on an Internet facing host. It will accept and send mails for a domain, store the accepted mails locally and deliver them using POP3. This is a rather lengthy post because there are quite some pieces to put together.%0a%3c %0a%3c Building blocks%0a%3c I use the following software to build my mail server out in the wild Internet:%0a%3c %0a%3c OpenSMTPD%0a%3c rspamd%0a%3c ClamAV%0a%3c Dovecot%0a%3c Let’s Encrypt%0a%3c OpenSMTPD will handle incoming and outgoing mail using SMTP. rspamd will support it in fighting incoming spam and malware (using ClamAV), and signing outgoing mail using DKIM. Dovecot stores received mail for users and delivers it using POP3. Finally acme-client(8) is used to manage the certificate from Let’s Encrypt.%0a%3c %0a%3c Basic assumptions%0a%3c The configuration I describe in this post is based on some assumptions about the server and its environment:%0a%3c %0a%3c Both IPv4 and IPv6 are used%0a%3c The server is the primary MX for the domain%0a%3c Both OpenSMTPD and Dovecot run on the same server%0a%3c Mail users must authenticate for both, POP3 and SMTP%0a%3c There are only a handful of mail users on this server%0a%3c Mail is just stored on the server until users fetch it%0a%3c This setup is suited for a small domain providing mail services to few users. User management is done manually and mail is stored locally. If this doesn’t fit your needs you might consider using one of the many other mail server guides out there.%0a%3c %0a%3c Before you start installing and configuring any software on your OpenBSD system I suggest that you consider using full disk encryption on it. Especially if your mail server is hosted at some provider.%0a%3c %0a%3c Preparations%0a%3c First you should install the required software packages:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add -i dovecot opensmtpd-extras rspamd opensmtpd-filter-rspamd%0a%3c @]%0a%3c %0a%3c Next you create the system user which will be used for handling mails:%0a%3c %0a%3c [@%0a%3c doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a%3c $ doas mkdir /var/vmail%0a%3c $ doas chown vmail:vmail /var/vmail%0a%3c $ doas chmod 0750 /var/vmail%0a%3c $ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a%3c $ doas chown _smtpd:_dovecot /etc/mail/passwd%0a%3c $ doas chmod 770 /etc/mail/dkim/%0a%3c $ doas chmod 440 /etc/mail/passwd%0a%3c $ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a%3c @]%0a%3c %0a%3c And you create the passwd(5) which will hold the information about the mail users on your system:%0a%3c %0a%3c [@%0a%3c $ smtpctl encrypt 1amApASSw0rd | sed "s/^/muser:/;s/$/::::::/" > passwd%0a%3c $ doas mv passwd /etc/mail/passwd%0a%3c $ doas chown _dovecot:_smtpd /etc/mail/passwd%0a%3c $ doas chmod 0440 /etc/mail/passwd%0a%3c @]%0a%3c %0a%3c If you want to use DKIM to sign your outgoing mail it is time to create the key for it:%0a%3c %0a%3c [@%0a%3c $ doas mkdir /etc/mail/dkim%0a%3c $ doas openssl genrsa -out /etc/mail/dkim/example.net.key 1024%0a%3c $ doas openssl rsa -in /etc/mail/dkim/example.net.key -pubout \%0a%3c > -out /etc/mail/dkim/example.net.pub%0a%3c $ doas chgrp _rspamd /etc/mail/dkim/example.net.key%0a%3c $ doas chmod 0640 /etc/mail/dkim/example.net.key%0a%3c @]%0a%3c %0a%3c There are some entries required in the DNS zone of your domain. The following command will generate a text file ready to import into the zone file:%0a%3c %0a%3c [@%0a%3c $ echo ' MX 10 mail.example.net.' > rrs.txt%0a%3c $ echo ' TXT "v=spf1 mx -all"' >> rrs.txt%0a%3c $ echo 'mail A 192.0.2.10' >> rrs.txt%0a%3c $ echo ' AAAA 2001:db8::c000:020a' >> rrs.txt%0a%3c $ echo 'pop3 CNAME mail' >> rrs.txt%0a%3c $ echo '$ORIGIN _domainkey.example.net.' >> rrs.txt%0a%3c $ pubkey=$(sed /^-/d /etc/mail/dkim/example.net.pub | tr -d '\n')%0a%3c $ echo "default TXT \"v=DKIM1;k=rsa;p=${pubkey}\"" >> rrs.txt%0a%3c @]%0a%3c %0a%3c Certificates from Let’s Encrypt%0a%3c Of course you can use any certificate provider who supports the ACME protocol. I use Let’s Encrypt because they provide certificates for free, which is a huge win if you run a small site like this one.%0a%3c %0a%3c You will use httpd(8) to answer the challenges. Create a /etc/httpd.conf similar to this one:%0a%3c %0a%3c [@%0a%3c server "mail.example.net" {%0a%3c listen on egress port http%0a%3c alias "pop3.example.net"%0a%3c root "/"%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c request strip 2%0a%3c root "/acme"%0a%3c }%0a%3c }%0a%3c %0a%3c types {%0a%3c include "/usr/share/misc/mime.types"%0a%3c }%0a%3c @]%0a%3c %0a%3c Test your configuration, enable and start httpd(8):%0a%3c %0a%3c [@%0a%3c $ doas httpd -n%0a%3c $ doas rcctl enable httpd%0a%3c $ doas rcctl start httpd%0a%3c @]%0a%3c %0a%3c Now acme-client(8) needs to know what to do and with whom. Take /etc/examples/acme-client.conf, adapt it to your needs and save the result as /etc/acme-client.conf:%0a%3c %0a%3c [@%0a%3c authority letsencrypt {%0a%3c api url "https://acme-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-privkey.pem"%0a%3c }%0a%3c %0a%3c authority letsencrypt-staging {%0a%3c api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a%3c }%0a%3c %0a%3c domain mail.example.net {%0a%3c alternative names {%0a%3c pop3.example.net%0a%3c }%0a%3c domain key "/etc/ssl/private/mail.example.net.key"%0a%3c domain full chain certificate "/etc/ssl/mail.example.net.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c @]%0a%3c %0a%3c This config will issue a valid certificate right away. If you feel like testing in the first place, you should change the line sign with to letsencrypt-staging until you feel comfortable with the process.%0a%3c %0a%3c Before you can get your certificate you must make sure pf(4) lets the requests actually pass through to httpd(8). Add a rule similar to the following one to your pf.conf(5):%0a%3c %0a%3c pass in log on egress proto tcp from any to egress port http%0a%3c After adding this rule to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -nf /etc/pf.conf%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a%3c %0a%3c Now you can get your certificate using the following command:%0a%3c %0a%3c [@%0a%3c $ doas acme-client mail.example.net%0a%3c @]%0a%3c %0a%3c Certificates have an expiry date, like groceries. You may want to make sure your certificate gets renewed automatically before it expires. The file /etc/daily.local can take care of this for you:%0a%3c %0a%3c [@%0a%3c #!/bin/sh%0a%3c %0a%3c /usr/sbin/acme-client mail.example.net%0a%3c [[ $? -eq 0 ]] && rcctl restart smtpd dovecot%0a%3c @]%0a%3c %0a%3c Anti-malware shield ClamAV%0a%3c ClamAV will be used by rspamd to scan attachments for malware. To do so you need some configuration for ClamAV first in order to run it as a daemon and to keep the malware database up to date. Or if you run a malware scan server in your environment you can connect rspamd to it.%0a%3c %0a%3c First you configure the daemon freshclam to make sure the malware database of ClamAV stays up to date. The file /etc/freshclam.conf contains the following settings:%0a%3c %0a%3c [@%0a%3c LogTime yes%0a%3c LogSyslog yes%0a%3c LogFacility LOG_DAEMON%0a%3c DatabaseMirror db.ch.clamav.net%0a%3c DatabaseMirror database.clamav.net%0a%3c NotifyClamd /etc/clamd.conf%0a%3c @]%0a%3c %0a%3c Enable and start freshclam now so it has time to update the signature database for ClamAV:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable freshclam%0a%3c $ doas rcctl start freshclam%0a%3c @]%0a%3c %0a%3c Next you configure clamd. In /etc/clamd.conf the following lines are set:%0a%3c %0a%3c [@%0a%3c LogTime yes%0a%3c LogSyslog yes%0a%3c LogFacility LOG_DAEMON%0a%3c TemporaryDirectory /tmp%0a%3c LocalSocket /var/clamav/clamd.sock%0a%3c TCPSocket 3310%0a%3c TCPAddr 127.0.0.1%0a%3c User _clamav%0a%3c DetectPUA yes%0a%3c AlertEncrypted yes%0a%3c AlertEncryptedArchive yes%0a%3c AlertEncryptedDoc yes%0a%3c AlertOLE2Macros yes%0a%3c AlertPhishingSSLMismatch yes%0a%3c AlertPhishingCloak yes%0a%3c MaxRecursion 12%0a%3c @]%0a%3c %0a%3c You may want to study the man page of clamd.conf and consider each of the options named Alert*. Some of these may block attachments you actually don’t want to get blocked on your mail server. As soon as you are happy with your configuration it is time to enable and start clamd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable clamd%0a%3c $ doas rcctl start clamd%0a%3c @]%0a%3c %0a%3c You may get a timeout warning after the start command. Using pgrep(1) you can check if clamd is actually running or not. In most cases it will be running and you can ignore the timeout message.%0a%3c %0a%3c Santas storage bag Redis%0a%3c The preferred storage for rspamd data is Redis. It used to be one of those packages you could just install and start. But not anymore. First of all you will want Redis to listen to a UNIX socket on the local machine. Those come with far less overhead than TCP sockets and therefore speed up the communication between rspamd and Redis. Add the following two lines to /etc/redis/redis.conf:%0a%3c %0a%3c [@%0a%3c unixsocket /var/run/redis/redis.sock%0a%3c unixsocketperm 770%0a%3c @]%0a%3c %0a%3c Make sure that rspamd can write to the socket. Unfortunately Redis does not support setting owner/group for the socket. So you have to make the user _rspamd a member of the group _redis:%0a%3c %0a%3c [@%0a%3c $ doas usermod -G _redis _rspamd%0a%3c @]%0a%3c %0a%3c If the logs of rspamd show messages containing:%0a%3c %0a%3c ERR max number of clients reached%0a%3c it is necessary to increase the number of allowed clients in Redis. By default this is set to 96. You can increase the value by tweaking the setting maxclients in /etc/redis/redis.conf:%0a%3c %0a%3c [@%0a%3c maxclients 128%0a%3c @]%0a%3c %0a%3c You might need to use even higher number, depending on what modules of rspamd you actually use with Redis.%0a%3c %0a%3c Santas little helper rspamd%0a%3c rspamd will cover all the extra needs we have today when running a mail server out in the wild. It provides a highly customizable and trainable spam filter, malware filter, greylisting and DKIM signing.%0a%3c %0a%3c While most modules work out of the box the DKIM signing needs configuration in order to find the key it should use to sign mails. Create the /etc/rspamd/local.d/dkim_signing.conf containing this:%0a%3c %0a%3c [@%0a%3c allow_username_mismatch = true;%0a%3c sign_networks = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a%3c %0a%3c domain {%0a%3c example.net {%0a%3c path = "/etc/mail/dkim/example.net.key";%0a%3c selector = "default";%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c The line sign_networks is only needed if you have other servers in the same domain that will use this MX as relay.%0a%3c %0a%3c Furthermore you have to tell rspamd under which circumstances it should perform DKIM signing only. The common cases for this are mails from authenticated users and mails from other systems in the same domain. In /etc/rspamd/local.d/settings.conf add the following two blocks:%0a%3c %0a%3c [@%0a%3c sign_auth {%0a%3c id = "sign_auth";%0a%3c authenticated = true;%0a%3c apply {%0a%3c symbols_enabled = ["DKIM_SIGNED"];%0a%3c flags = ["skip_process"];%0a%3c }%0a%3c }%0a%3c %0a%3c sign_only {%0a%3c id = "sign_only";%0a%3c ip = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a%3c apply {%0a%3c symbols_enabled = ["DKIM_SIGNED"];%0a%3c flags = ["skip_process"];%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c In case you use ClamAV for malware scanning this module of rspamd needs some configuration too. Create the file /etc/rspamd/local.d/antivirus.conf with the following content:%0a%3c %0a%3c [@%0a%3c clamav {%0a%3c action = "reject";%0a%3c message = '${SCANNER}: virus found: "${VIRUS}"';%0a%3c scan_mime_parts = true;%0a%3c scan_image_mime = false;%0a%3c symbol = "CLAM_VIRUS";%0a%3c type = "clamav";%0a%3c prefix = "rs_cl_";%0a%3c servers = "/var/clamav/clamd.sock";%0a%3c whitelist = "${DBDIR}/wl_antivirus.map.local";%0a%3c }%0a%3c @]%0a%3c %0a%3c These settings are very strict by rejecting every mail that scans positive for malware. Depending on your needs you may want to reconsider this and add a high score to the mail instead. This gives you the chance to put into quarantine instead of blocking it completely.%0a%3c %0a%3c If rspamd keeps misclassifying mails from particular domains you may want to improve the score of those mails by whitelisting these. Create the file /etc/rspamd/local.d/multimap.conf:%0a%3c %0a%3c [@%0a%3c WHITELIST_SENDER_DOMAIN {%0a%3c type = "from";%0a%3c filter = "email:domain";%0a%3c map = "${DBDIR}/wl_sender_domain.map.local";%0a%3c score = -5.0;%0a%3c }%0a%3c @]%0a%3c %0a%3c Some of the modules of rspamd work best using Redis as storage. To make sure all these modules use your local Redis instance create a file /etc/rspamd/local.d/redis.conf containing the following line:%0a%3c %0a%3c [@%0a%3c servers = "/var/run/redis/redis.sock";%0a%3c @]%0a%3c %0a%3c In case you have not enabled the UNIX domain socket for Redis you can replace the path by localhost so it will use the TCP connection instead.%0a%3c %0a%3c In case you want to redirect the logging of rspamd from /var/log/rspamd/rspamd.log to the general /var/log/maillog you need to create the file /etc/rspamd/local.d/logging.inc with the following content:%0a%3c %0a%3c [@%0a%3c type = "syslog";%0a%3c facility = "mail";%0a%3c level = "notice";%0a%3c @]%0a%3c %0a%3c It is time to enable and start rspamd and its memory storage Redis:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable redis rspamd%0a%3c $ doas rcctl start redis rspamd%0a%3c @]%0a%3c %0a%3c Dovecot as POP3 server%0a%3c First, follow the pkg-readme of Dovecot and create an own login class for it in /etc/login.conf:%0a%3c %0a%3c [@%0a%3c dovecot:\%0a%3c :openfiles-cur=1024:\%0a%3c :openfiles-max=2048:\%0a%3c :tc=daemon:%0a%3c @]%0a%3c %0a%3c I recommend to you to put the actual configuration of Dovecot into /etc/dovecot/local.conf and leave all the other config files alone (with one exception further down). This way updates won’t destroy your configuration. For a POP3-only configuration the file should look similar to this one:%0a%3c %0a%3c [@%0a%3c hostname = mail.example.net%0a%3c listen = 192.0.2.10, 2001:db8::c000:020a%0a%3c login_greeting = "%25s.example.net ready"%0a%3c mail_home = /home/vmail/%25d/%25n%0a%3c mail_location = mbox:~/mbox%0a%3c pop3_fast_size_lookups = yes%0a%3c pop3_no_flag_updates = yes%0a%3c pop3_uidl_format = %25g%0a%3c protocols = lmtp pop3%0a%3c ssl = yes%0a%3c ssl_cert = %3c/etc/ssl/mail.example.net.fullchain.pem%0a%3c ssl_key = %3c/etc/ssl/private/mail.example.net.key%0a%3c ssl_dh = %3c/etc/ssl/dh4096.pem%0a%3c ssl_min_protocol = TLSv1.2%0a%3c ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH%0a%3c ssl_prefer_server_ciphers = yes%0a%3c %0a%3c passdb {%0a%3c driver = passwd-file%0a%3c args = scheme=blf-crypt /etc/mail/passwd%0a%3c }%0a%3c %0a%3c service auth {%0a%3c unix_listener auth-userdb {%0a%3c mode = 0600%0a%3c user = vmail%0a%3c }%0a%3c }%0a%3c %0a%3c service lmtp {%0a%3c user = vmail%0a%3c }%0a%3c %0a%3c service pop3-login {%0a%3c inet_listener pop3 {%0a%3c address = 127.0.0.1, ::1%0a%3c }%0a%3c }%0a%3c %0a%3c service stats {%0a%3c unix_listener stats-writer {%0a%3c user = vmail%0a%3c group = _dovecot%0a%3c }%0a%3c }%0a%3c %0a%3c userdb {%0a%3c driver = static%0a%3c args = uid=vmail gid=vmail home=/home/vmail/%25d/%25n%0a%3c }%0a%3c @]%0a%3c %0a%3c The configuration makes POP3 available on the public IP addresses using TCP port 995 which requires an encrypted connection right from the start. This makes it hard for users to send clear text passwords over an clear text connection. For debugging purposes there is a clear text connection available on localhost TCP port 110.%0a%3c %0a%3c Due to a bug in the config parser of Dovecot you must comment out two lines in /etc/dovecot/conf.d/10-ssl.conf or the loading of the certificate and key files will fail:%0a%3c %0a%3c [@%0a%3c $ doas sed -i "/^ssl_[cert|key]/s/^/#/" /etc/dovecot/conf.d/10-ssl.conf%0a%3c @]%0a%3c %0a%3c Check your configuration so far by testing the login for mail users with the following commands:%0a%3c %0a%3c [@%0a%3c $ doas doveadm user muser@example.net%0a%3c $ doas doveadm auth login muser@example.net%0a%3c @]%0a%3c %0a%3c The first command should give you information about the account muser while the second one should check if the password you’ve set for muser is correct.%0a%3c %0a%3c Beside POP3 Dovecot also listens for LMTP connections on the local UNIX socket /var/dovecot/lmtp. OpenSMTPD will use this socket to hand over received mails to Dovecot.%0a%3c %0a%3c OpenSMTPD as mail transport agent%0a%3c Your server probably got another hostname, so make sure OpenSMTPD always identifies with the right name:%0a%3c %0a%3c [@%0a%3c # echo "mail.example.net" > /etc/mail/mailname%0a%3c @]%0a%3c %0a%3c Next, you want to make sure that OpenSMTPD knows about the valid recipient addresses on the system and which of the default addresses get redirected to whom. You define such a table(5) in /etc/mail/virtuals:%0a%3c %0a%3c [@%0a%3c abuse@example.net: muser@example.net%0a%3c hostmaster@example.net: muser@example.net%0a%3c postmaster@example.net: muser@example.net%0a%3c muser@example.net: vmail%0a%3c @]%0a%3c %0a%3c Each valid mailbox on the left side either gets redirected to another valid mailbox defined in this file or to the system user that handles mails for us. Every recipient address that points to the system user will get it’s own mailbox.%0a%3c %0a%3c There is another table called trusted. You can put IP addresses in it of hosts that you trust although both DNS checks fail for these. For the below example configuration to work you need to create the file at least:%0a%3c %0a%3c [@%0a%3c $ doas touch /etc/mail/trusted%0a%3c @]%0a%3c %0a%3c If you want to redirect local mails into one of the mailboxes of the domain you should add a line similar to the following one to /etc/mail/aliases:%0a%3c %0a%3c [@%0a%3c user: muser@example.net%0a%3c @]%0a%3c %0a%3c Up next is the actual configuration of OpenSMTPD. I suggest you start out with a fresh /etc/mail/smtpd.conf - either put away the original or clear it first.%0a%3c %0a%3c [@%0a%3c name="mail.example.net"%0a%3c %0a%3c table aliases file:/etc/mail/aliases%0a%3c table passwd passwd:/etc/mail/passwd%0a%3c table trusted file:/etc/mail/trusted%0a%3c table virtuals file:/etc/mail/virtuals%0a%3c %0a%3c smtp ciphers "TLSv1.3:TLSv1.2:!NULL"%0a%3c smtp max-message-size "10M"%0a%3c %0a%3c pki $name cert "/etc/ssl/mail.example.net.crt"%0a%3c pki $name key "/etc/ssl/private/mail.example.net.key"%0a%3c %0a%3c filter trusted phase connect match src %3ctrusted> bypass%0a%3c filter no_rdns phase connect match !rdns disconnect \%0a%3c "550 rDNS is required around here"%0a%3c filter no_fcrdns phase connect match !fcrdns disconnect \%0a%3c "550 FCrDNS is required around here"%0a%3c filter rspamd proc-exec "filter-rspamd"%0a%3c filter checks chain { trusted, no_rdns, no_fcrdns, rspamd }%0a%3c %0a%3c listen on lo0%0a%3c listen on $name tls pki $name filter checks%0a%3c listen on $name smtps pki $name filter checks%0a%3c listen on $name port submission tls-require pki $name \%0a%3c auth %3cpasswd> filter rspamd%0a%3c %0a%3c action "local" mbox alias %3caliases>%0a%3c action "deliver" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvirtuals>%0a%3c action "outbound" relay%0a%3c %0a%3c match from local for local action "local"%0a%3c match from any for domain "example.net" action "deliver"%0a%3c match from local for any action "outbound"%0a%3c match auth from any for any action "outbound"%0a%3c @]%0a%3c %0a%3c Check your configuration and restart smtpd(8):%0a%3c %0a%3c [@%0a%3c $ doas smtpd -n%0a%3c $ doas rcctl restart smtpd%0a%3c @]%0a%3c %0a%3c Firewall rules to go live%0a%3c So far pf(4) is blocking access to the ports of the daemons you have configured and started. If you are confident that your setup is OK it is time to go live with the services. Add the following rules to /etc/pf.conf:%0a%3c %0a%3c [@%0a%3c mail="{ smtp smtps submission pop3s }"%0a%3c %0a%3c table %3cbruteforce> persist file "/etc/pf.bruteforce"%0a%3c %0a%3c block drop in log quick on egress from %3cbruteforce> to any%0a%3c %0a%3c pass in log on egress proto tcp from any to egress port $mail \%0a%3c (max-src-conn 5, max-src-conn-rate 1/1, overload %3cbruteforce> flush)%0a%3c @]%0a%3c %0a%3c These rules allow traffic to pass to the TCP ports you have configured for OpenSMTPD and Dovecot. Packets from misbehaving clients get dropped silently. Misbehaving is defined as opening more than five connections from the same source IP or opening connections faster that one per second.%0a%3c %0a%3c After adding these rules to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -nf /etc/pf.conf%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a%3c %0a%3c Catching the slow brute force attackers%0a%3c If you open one or more ports that require authentication - like 587/tcp (submission) above - you will face brute force attacks sooner or later. Limiting the allowed connections and rates in the pf(4) rule does block common brute force attackers effectively.%0a%3c %0a%3c But there is this other kind of attackers. Those who try to fly under the radar by only connecting once every minute or so. Although this does not match the definition of a brute force attack, these connections tend to fill the logs. And by guessing common combinations of user name and password they might actually land a lucky punch.%0a%3c %0a%3c One way to deal with the problem could be to extend the script addbrute.sh with the following lines:%0a%3c %0a%3c # Catch authentication failures from OpenSMTPD%0a%3c %0a%3c [@%0a%3c for id in $(grep failed-command.*AUTH ${logf}) ; do%0a%3c grep ${id}.*address= ${logf} | sed "s/.*address=//;s/ .*//"%0a%3c done >> ${dump}%0a%3c @]%0a%3c %0a%3c # Catch shady connections to POP3%0a%3c %0a%3c [@%0a%3c grep pop3-login.*no auth attempts" ${logf} | sed "s/.*rip=//;s/, .*//" >> ${dump}%0a%3c @]%0a%3c %0a%3c Beware that this script must be run as root and that it might affect your legitimate users as well as any attackers. The script doesn’t have any restrictions about the age of the log entries. This makes it hard to remove false positives from the table without having them readded during the next run of the script.%0a%3c %0a%3c [@%0a%3c Teaching rspamd some lessons%0a%3c @]%0a%3c %0a%3c No matter how good a spam detection system is, you will have both false positives (messages that are actually not spam) and false negatives (spam messages that are not detected as such). Lucky for you rspamd comes with a web interface to monitor and tune it. By default this web interface is accessible without any kind of authentication. Therefore it is only listening on localhost. The easiest way to access it is using port forwarding of ssh(1). Adding a line like this to ~/.ssh/config should do the trick:%0a%3c %0a%3c [@%0a%3c Host mail.example.net%0a%3c LocalForward 11334 127.0.0.1:11334%0a%3c Whenever you are logged in to mail.example.net using ssh(1) you can access the rspamd web interface in your browser with this link: http://localhost:11334/%0a%3c @]%0a%3c %0a%3c Adding and removing mailboxes%0a%3c Adding an additional mailbox to the server is as easy as using the following three commands:%0a%3c %0a%3c [@%0a%3c # echo "nuser@example.net:$(smtpctl encrypt Password)::::::" >> /etc/mail/passwd%0a%3c # echo "nuser@example.net: vmail" >> /etc/mail/virtuals%0a%3c # smtpctl update table virtuals%0a%3c @]%0a%3c %0a%3c Dovecot will take care of creating the required files and folders to store the mails as soon as the first mail arrives to the new mailbox.%0a%3c %0a%3c Disabling a no longer needed mailbox is equally simple:%0a%3c %0a%3c [@%0a%3c # sed -i /nuser@example\.net/d /etc/mail/passwd%0a%3c # sed -i /nuser@example\.net/d /etc/mail/virtuals%0a%3c # smtpctl update table virtuals%0a%3c @]%0a%3c %0a%3c If you want to remove the mailbox completely including any mails left in it you can issue this command after disabling the mailbox:%0a%3c %0a%3c [@%0a%3c # rm -rf /home/vmail/example.net/nuser%0a%3c @]%0a\ No newline at end of file%0a
+host:1731470982=138.43.182.133
blob - c9a72690e526e2d173e589c0490a41508e0764c3
blob + 7c8c7b2faf1f9061c748e250ac9a786af1e1c064
--- wiki.d/Almanack.DumpBackupWithSCP
+++ wiki.d/Almanack.DumpBackupWithSCP
ctime=1703975767
host=138.43.182.133
name=Almanack.DumpBackupWithSCP
-rev=21
+rev=22
targets=
-text=(:title Dump Backup With SCP:)%0a%0athis is a custom shell script to run dump command for backup to remote server with the SCP Command with using a private openssh key! please note that you will need to setup private.key for your scp to use without using a password%0a%0a%25note%25'''NOTE:''' The above command copies the backup from local host to remote host to store your backup. This requires ssh without password (ssh keys) and doas without password which is a security concern%0a%0a%25note%25'''private.key NOTE:''' The Solution: When you get to the public key screen in creating your key pair in puttygen, copy the public key and paste it into a text file with the extension .pub. You will save you sysadmin hours of frustration reading posts like this%0a%0aBegin of script%0a----%0a%0a[@%0a#!/bin/sh %0a#Author SplinTer@NaStYcOdE.Com Free Unix Tech Support At support@nastycode.com%0a# Join Us On IRC At IRC.NaStYcOdE.COM Channel #NaStYcOdE%0aSHELL=/bin/sh%0aPATH=/bin:/sbin19:/usr/bin:/usr/sbin19:/sbin/:/usr/sbin%0aHOME=/root%0aMAILTO=splinter@partnaz-n-crime.com%0aHOSTNAME=partnaz-n-crime.com%0aBACKUP_DESTINATION=splinter@host.nastycode.com%0aDATE=$(date "+%25Y%25m%25d")%0aLOCALBACKUP=/backup/$DATE%0a%0aecho%0acd /backup/%0aecho%0amkdir $DATE%0aecho%0acd $LOCALBACKUP%0aecho "Curremt Working Backup Directory $LOCALBACKUP on $HOSTNAME"%0aecho%0aecho "Partition's Needs Backed Up With OpenBSD Dump And SCP Command"%0aecho%0adf -h%0aecho%0aecho "Current Backup Location $HOSTNAME VPS Folder $LOCALBACKUP"%0aecho%0acd $LOCALBACKUP%0aecho%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/root.dmp / &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/tmp.dmp /tmp &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr.dmp /usr &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-X11R6.dmp /usr/X11R6 &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-src.dmp /usr/src &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-obj.dmp /usr/obj &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-local.dmp /usr/local &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/var.dmp /var &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/home.dmp /home &&%0aecho "Folder Size Of Backup On $HOSTNAME VPS"%0acd $LOCALBACKUP%0adu -sh%0aecho%0aecho "Uploading to $BACKUP_DESTINATION Going To Take A Hour! Please Keep Calm And Be Patiently Let it Do Its Thing!"%0acd /bkup%0aecho%0aecho "Starting Upload to Storage VPS Server host.nastycode.com In Folder /home/storage/SplinTer/Backup/partnaz-n-crime.com/$DATE/ On Storage VPS"%0aecho%0a/usr/bin/scp -r -i private.key /backup/* splinter@host.nastycode.com:/home/storage/SplinTer/Backup/partnaz-n-crime.com/%0aecho "Backup Directoy File Size On Backup VPS"%0adu -sh $LOCALBACKUP%0aecho%0aecho "Uploading to $BACKUP_DESTINATION Is Complete! File Path On VPS Server $DATE"%0aecho%0aecho%0aecho "Deleteing $HOSTNAME Files From local Backup! Current Directory $LOCALBACKUP"%0arm -fr $LOCALBACKUP%0aecho%0aecho%0aecho "This Bash Script Can Be Run As Ofen As You Wish! I'd Run At Least Weekly! Made By SplinTer@NaStYcOdE.Com"%0a%0a@]
-time=1731437407
+text=(:title Dump Backup With SCP:)%0a%0athis is a custom shell script to run dump command for backup to remote server with the SCP Command with using a private openssh key! please note that you will need to setup private.key for your scp to use without using a password%0a%0a%25note%25'''NOTE:''' The above command copies the backup from local host to remote host to store your backup. This requires ssh without password (ssh keys) and doas without password which is a security concern%0a%0a%25note%25'''private.key NOTE:''' The Solution: When you get to the public key screen in creating your key pair in puttygen, copy the public key and paste it into a text file with the extension .pub. You will save you sysadmin hours of frustration reading posts like this%0a%0aBegin of script%0a----%0a%0a[@%0a#!/bin/sh %0a#Author SplinTer@NaStYcOdE.Com Free Unix Tech Support At support@nastycode.com%0a# Join Us On IRC At IRC.NaStYcOdE.COM Channel #NaStYcOdE%0aSHELL=/bin/sh%0aPATH=/bin:/sbin19:/usr/bin:/usr/sbin19:/sbin/:/usr/sbin%0aHOME=/root%0aMAILTO=splinter@NaStYcOdE.Com%0aHOSTNAME=NaStYcOdE.Com%0aBACKUP_DESTINATION=splinter@host.nastycode.com%0aDATE=$(date "+%25Y%25m%25d")%0aLOCALBACKUP=/backup/$DATE%0a%0aecho%0acd /backup/%0aecho%0amkdir $DATE%0aecho%0acd $LOCALBACKUP%0aecho "Curremt Working Backup Directory $LOCALBACKUP on $HOSTNAME"%0aecho%0aecho "Partition's Needs Backed Up With OpenBSD Dump And SCP Command"%0aecho%0adf -h%0aecho%0aecho "Current Backup Location $HOSTNAME VPS Folder $LOCALBACKUP"%0aecho%0acd $LOCALBACKUP%0aecho%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/root.dmp / &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/tmp.dmp /tmp &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr.dmp /usr &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-X11R6.dmp /usr/X11R6 &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-src.dmp /usr/src &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-obj.dmp /usr/obj &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-local.dmp /usr/local &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/var.dmp /var &&%0adoas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/home.dmp /home &&%0aecho "Folder Size Of Backup On $HOSTNAME VPS"%0acd $LOCALBACKUP%0adu -sh%0aecho%0aecho "Uploading to $BACKUP_DESTINATION Going To Take A Hour! Please Keep Calm And Be Patiently Let it Do Its Thing!"%0acd /bkup%0aecho%0aecho "Starting Upload to Storage VPS Server host.nastycode.com In Folder /home/storage/SplinTer/Backup/partnaz-n-crime.com/$DATE/ On Storage VPS"%0aecho%0a/usr/bin/scp -r -i private.key /backup/* splinter@host.nastycode.com:/home/storage/SplinTer/Backup/partnaz-n-crime.com/%0aecho "Backup Directoy File Size On Backup VPS"%0adu -sh $LOCALBACKUP%0aecho%0aecho "Uploading to $BACKUP_DESTINATION Is Complete! File Path On VPS Server $DATE"%0aecho%0aecho%0aecho "Deleteing $HOSTNAME Files From local Backup! Current Directory $LOCALBACKUP"%0arm -fr $LOCALBACKUP%0aecho%0aecho%0aecho "This Bash Script Can Be Run As Ofen As You Wish! I'd Run At Least Weekly! Made By SplinTer@NaStYcOdE.Com"%0a%0a@]
+time=1731547772
title=Dump Backup With SCP
+author:1731547772=SplinTer
+diff:1731547772:1731437407:=19,20c19,20%0a%3c MAILTO=splinter@NaStYcOdE.Com%0a%3c HOSTNAME=NaStYcOdE.Com%0a---%0a> MAILTO=splinter@partnaz-n-crime.com%0a> HOSTNAME=partnaz-n-crime.com%0a
+host:1731547772=138.43.182.133
author:1731437407=SplinTer
diff:1731437407:1713173251:=19,21c19,21%0a%3c MAILTO=splinter@partnaz-n-crime.com%0a%3c HOSTNAME=partnaz-n-crime.com%0a%3c BACKUP_DESTINATION=splinter@host.nastycode.com%0a---%0a> MAILTO="splinter@NaStYcOdE.com"%0a> HOSTNAME=NaStYcOdE.COM%0a> BACKUP_DESTINATION=SplinTer@host.planetofnix.com%0a23,24c23,24%0a%3c LOCALBACKUP=/backup/$DATE%0a%3c %0a---%0a> LOCALBACKUP=/home/backup/$DATE%0a> %0a26c26%0a%3c cd /backup/%0a---%0a> cd /home/backup/%0a31c31%0a%3c echo "Curremt Working Backup Directory $LOCALBACKUP on $HOSTNAME"%0a---%0a> echo "Curremt Working Backup Directory $LOCALBACKUP on $hostname"%0a40d39%0a%3c echo%0a45,46d43%0a%3c doas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-src.dmp /usr/src &&%0a%3c doas /sbin/dump -0 -a -h 0 -f $LOCALBACKUP/usr-obj.dmp /usr/obj &&%0a53a51,52%0a> echo "Uploading to $BACKUP_DESTINATION Backup Server! User Account SplinTer!"%0a> echo%0a55c54%0a%3c cd /bkup%0a---%0a> cd /home/backup%0a57c56%0a%3c echo "Starting Upload to Storage VPS Server host.nastycode.com In Folder /home/storage/SplinTer/Backup/partnaz-n-crime.com/$DATE/ On Storage VPS"%0a---%0a> echo "Starting Upload to Storage VPS Server host.planetofnix.com In Folder /mnt/sd4/a/vps/SplinTer/backup/nastycode.com/$DATE On Storage VPS"%0a59c58%0a%3c /usr/bin/scp -r -i private.key /backup/* splinter@host.nastycode.com:/home/storage/SplinTer/Backup/partnaz-n-crime.com/%0a---%0a> /usr/bin/scp -r -i private.key /home/backup/* SplinTer@host.planetofnix.com:/mnt/sd4/a/vps/SplinTer/backup/nastycode.com/%0a61c60%0a%3c du -sh $LOCALBACKUP%0a---%0a> du -sh /home/backup/$DATE%0a63c62%0a%3c echo "Uploading to $BACKUP_DESTINATION Is Complete! File Path On VPS Server $DATE"%0a---%0a> echo "Uploading to $BACKUP_DESTINATION Is Complete! File Path On VPS Server /home/backup/sd4/a/vps/SplinTer/backup/nastycode.com/"%0a
host:1731437407=138.43.182.133
blob - e1e1414486b3303090d5a6e3f596c9dfd52c7952
blob + 07378afaa4d7af679bfbe1332c2667e8037af53a
--- wiki.d/Almanack.RecentChanges
+++ wiki.d/Almanack.RecentChanges
ctime=1614490687
host=138.43.182.133
name=Almanack.RecentChanges
-rev=647
-text=* [[Almanack/AdvancedMailServerSetup]] . . . @2024-11-13T04:09:42Z by [[~SplinTer]]: [==]%0a* [[Almanack/Almanack]] . . . @2024-11-13T04:08:39Z by [[~SplinTer]]: [==]%0a* [[Almanack/SetupMailServer]] . . . @2024-11-13T04:07:16Z by [[~SplinTer]]: [==]%0a* [[Almanack/DumpBackupWithSCP]] . . . @2024-11-12T18:50:07Z by [[~SplinTer]]: [==]%0a* [[Almanack/TheloungeWebircClient]] . . . @2024-02-01T13:39:12Z by [[~SplinTer]]: [==]%0a* [[Almanack/Route]] . . . April 20, 2022, at 06:23 AM by [[~jrmu]]: [==]%0a* [[Almanack/Rewrite]] . . . October 31, 2021, at 10:30 PM by [[~hydragyrum]]: [==]%0a* [[Almanack/Alt]] . . . August 02, 2021, at 07:52 AM by [[~jrmu]]: [==]%0a
-time=1731470982
+rev=671
+text=* [[Almanack/Almanack]] . . . @2024-11-14T04:59:40Z by [[~SplinTer]]: [==]%0a* [[Almanack/AdvancedMailServerSetup]] . . . @2024-11-14T02:28:19Z by [[~SplinTer]]: [==]%0a* [[Almanack/SystemStatsSh]] . . . @2024-11-14T01:29:56Z by [[~SplinTer]]: [==]%0a* [[Almanack/DumpBackupWithSCP]] . . . @2024-11-14T01:29:32Z by [[~SplinTer]]: [==]%0a* [[Almanack/SetupMailServer]] . . . @2024-11-13T04:07:16Z by [[~SplinTer]]: [==]%0a* [[Almanack/TheloungeWebircClient]] . . . @2024-02-01T13:39:12Z by [[~SplinTer]]: [==]%0a* [[Almanack/Route]] . . . April 20, 2022, at 06:23 AM by [[~jrmu]]: [==]%0a* [[Almanack/Rewrite]] . . . October 31, 2021, at 10:30 PM by [[~hydragyrum]]: [==]%0a* [[Almanack/Alt]] . . . August 02, 2021, at 07:52 AM by [[~jrmu]]: [==]%0a
+time=1731560380
blob - /dev/null
blob + 8494b882ed45bf74972c0062faf398d3f8577258 (mode 644)
--- /dev/null
+++ wiki.d/Almanack.SetupMailServer
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
+author=SplinTer
+charset=UTF-8
+csum=
+ctime=1731470450
+host=138.43.182.133
+name=Almanack.SetupMailServer
+rev=2
+targets=
+text=How to configure a small mail server%0a%0aIntroduction%0aYes, another post about setting up a mail server. I know, there are plenty similar posts already out there… This one is about setting up a mail server on an Internet facing host. It will accept and send mails for a domain, store the accepted mails locally and deliver them using POP3. This is a rather lengthy post because there are quite some pieces to put together.%0a%0aBuilding blocks%0aI use the following software to build my mail server out in the wild Internet:%0a%0aOpenSMTPD%0arspamd%0aClamAV%0aDovecot%0aLet’s Encrypt%0aOpenSMTPD will handle incoming and outgoing mail using SMTP. rspamd will support it in fighting incoming spam and malware (using ClamAV), and signing outgoing mail using DKIM. Dovecot stores received mail for users and delivers it using POP3. Finally acme-client(8) is used to manage the certificate from Let’s Encrypt.%0a%0aBasic assumptions%0aThe configuration I describe in this post is based on some assumptions about the server and its environment:%0a%0aBoth IPv4 and IPv6 are used%0aThe server is the primary MX for the domain%0aBoth OpenSMTPD and Dovecot run on the same server%0aMail users must authenticate for both, POP3 and SMTP%0aThere are only a handful of mail users on this server%0aMail is just stored on the server until users fetch it%0aThis setup is suited for a small domain providing mail services to few users. User management is done manually and mail is stored locally. If this doesn’t fit your needs you might consider using one of the many other mail server guides out there.%0a%0aBefore you start installing and configuring any software on your OpenBSD system I suggest that you consider using full disk encryption on it. Especially if your mail server is hosted at some provider.%0a%0aPreparations%0aFirst you should install the required software packages:%0a%0a[@%0a$ doas pkg_add -i dovecot opensmtpd-extras rspamd opensmtpd-filter-rspamd%0a@]%0a%0aNext you create the system user which will be used for handling mails:%0a%0a[@%0adoas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a$ doas mkdir /var/vmail%0a$ doas chown vmail:vmail /var/vmail%0a$ doas chmod 0750 /var/vmail%0a$ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a$ doas chown _smtpd:_dovecot /etc/mail/passwd%0a$ doas chmod 770 /etc/mail/dkim/%0a$ doas chmod 440 /etc/mail/passwd%0a$ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a@]%0a%0aAnd you create the passwd(5) which will hold the information about the mail users on your system:%0a%0a[@%0a$ smtpctl encrypt 1amApASSw0rd | sed "s/^/muser:/;s/$/::::::/" > passwd%0a$ doas mv passwd /etc/mail/passwd%0a$ doas chown _dovecot:_smtpd /etc/mail/passwd%0a$ doas chmod 0440 /etc/mail/passwd%0a@]%0a%0aIf you want to use DKIM to sign your outgoing mail it is time to create the key for it:%0a%0a[@%0a$ doas mkdir /etc/mail/dkim%0a$ doas openssl genrsa -out /etc/mail/dkim/example.net.key 1024%0a$ doas openssl rsa -in /etc/mail/dkim/example.net.key -pubout \%0a> -out /etc/mail/dkim/example.net.pub%0a$ doas chgrp _rspamd /etc/mail/dkim/example.net.key%0a$ doas chmod 0640 /etc/mail/dkim/example.net.key%0a@]%0a%0aThere are some entries required in the DNS zone of your domain. The following command will generate a text file ready to import into the zone file:%0a%0a[@%0a$ echo ' MX 10 mail.example.net.' > rrs.txt%0a$ echo ' TXT "v=spf1 mx -all"' >> rrs.txt%0a$ echo 'mail A 192.0.2.10' >> rrs.txt%0a$ echo ' AAAA 2001:db8::c000:020a' >> rrs.txt%0a$ echo 'pop3 CNAME mail' >> rrs.txt%0a$ echo '$ORIGIN _domainkey.example.net.' >> rrs.txt%0a$ pubkey=$(sed /^-/d /etc/mail/dkim/example.net.pub | tr -d '\n')%0a$ echo "default TXT \"v=DKIM1;k=rsa;p=${pubkey}\"" >> rrs.txt%0a@]%0a%0aCertificates from Let’s Encrypt%0aOf course you can use any certificate provider who supports the ACME protocol. I use Let’s Encrypt because they provide certificates for free, which is a huge win if you run a small site like this one.%0a%0aYou will use httpd(8) to answer the challenges. Create a /etc/httpd.conf similar to this one:%0a%0a[@%0aserver "mail.example.net" {%0a listen on egress port http%0a alias "pop3.example.net"%0a root "/"%0a location "/.well-known/acme-challenge/*" {%0a request strip 2%0a root "/acme"%0a }%0a}%0a%0atypes {%0a include "/usr/share/misc/mime.types"%0a}%0a@]%0a%0aTest your configuration, enable and start httpd(8):%0a%0a[@%0a$ doas httpd -n%0a$ doas rcctl enable httpd%0a$ doas rcctl start httpd%0a@]%0a%0aNow acme-client(8) needs to know what to do and with whom. Take /etc/examples/acme-client.conf, adapt it to your needs and save the result as /etc/acme-client.conf:%0a%0a[@%0aauthority letsencrypt {%0a api url "https://acme-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-privkey.pem"%0a}%0a%0aauthority letsencrypt-staging {%0a api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a}%0a%0adomain mail.example.net {%0a alternative names {%0a pop3.example.net%0a }%0a domain key "/etc/ssl/private/mail.example.net.key"%0a domain full chain certificate "/etc/ssl/mail.example.net.crt"%0a sign with letsencrypt%0a}%0a@]%0a%0aThis config will issue a valid certificate right away. If you feel like testing in the first place, you should change the line sign with to letsencrypt-staging until you feel comfortable with the process.%0a%0aBefore you can get your certificate you must make sure pf(4) lets the requests actually pass through to httpd(8). Add a rule similar to the following one to your pf.conf(5):%0a%0apass in log on egress proto tcp from any to egress port http%0aAfter adding this rule to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a%0a[@%0a$ doas pfctl -nf /etc/pf.conf%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a%0aNow you can get your certificate using the following command:%0a%0a[@%0a$ doas acme-client mail.example.net%0a@]%0a%0aCertificates have an expiry date, like groceries. You may want to make sure your certificate gets renewed automatically before it expires. The file /etc/daily.local can take care of this for you:%0a%0a[@%0a#!/bin/sh%0a%0a/usr/sbin/acme-client mail.example.net%0a[[ $? -eq 0 ]] && rcctl restart smtpd dovecot%0a@]%0a%0aAnti-malware shield ClamAV%0aClamAV will be used by rspamd to scan attachments for malware. To do so you need some configuration for ClamAV first in order to run it as a daemon and to keep the malware database up to date. Or if you run a malware scan server in your environment you can connect rspamd to it.%0a%0aFirst you configure the daemon freshclam to make sure the malware database of ClamAV stays up to date. The file /etc/freshclam.conf contains the following settings:%0a%0a[@%0aLogTime yes%0aLogSyslog yes%0aLogFacility LOG_DAEMON%0aDatabaseMirror db.ch.clamav.net%0aDatabaseMirror database.clamav.net%0aNotifyClamd /etc/clamd.conf%0a@]%0a%0aEnable and start freshclam now so it has time to update the signature database for ClamAV:%0a%0a[@%0a$ doas rcctl enable freshclam%0a$ doas rcctl start freshclam%0a@]%0a%0aNext you configure clamd. In /etc/clamd.conf the following lines are set:%0a%0a[@%0aLogTime yes%0aLogSyslog yes%0aLogFacility LOG_DAEMON%0aTemporaryDirectory /tmp%0aLocalSocket /var/clamav/clamd.sock%0aTCPSocket 3310%0aTCPAddr 127.0.0.1%0aUser _clamav%0aDetectPUA yes%0aAlertEncrypted yes%0aAlertEncryptedArchive yes%0aAlertEncryptedDoc yes%0aAlertOLE2Macros yes%0aAlertPhishingSSLMismatch yes%0aAlertPhishingCloak yes%0aMaxRecursion 12%0a@]%0a%0aYou may want to study the man page of clamd.conf and consider each of the options named Alert*. Some of these may block attachments you actually don’t want to get blocked on your mail server. As soon as you are happy with your configuration it is time to enable and start clamd:%0a%0a[@%0a$ doas rcctl enable clamd%0a$ doas rcctl start clamd%0a@]%0a%0aYou may get a timeout warning after the start command. Using pgrep(1) you can check if clamd is actually running or not. In most cases it will be running and you can ignore the timeout message.%0a%0aSantas storage bag Redis%0aThe preferred storage for rspamd data is Redis. It used to be one of those packages you could just install and start. But not anymore. First of all you will want Redis to listen to a UNIX socket on the local machine. Those come with far less overhead than TCP sockets and therefore speed up the communication between rspamd and Redis. Add the following two lines to /etc/redis/redis.conf:%0a%0a[@%0aunixsocket /var/run/redis/redis.sock%0aunixsocketperm 770%0a@]%0a%0aMake sure that rspamd can write to the socket. Unfortunately Redis does not support setting owner/group for the socket. So you have to make the user _rspamd a member of the group _redis:%0a%0a[@%0a$ doas usermod -G _redis _rspamd%0a@]%0a%0aIf the logs of rspamd show messages containing:%0a%0aERR max number of clients reached%0ait is necessary to increase the number of allowed clients in Redis. By default this is set to 96. You can increase the value by tweaking the setting maxclients in /etc/redis/redis.conf:%0a%0a[@%0amaxclients 128%0a@]%0a%0aYou might need to use even higher number, depending on what modules of rspamd you actually use with Redis.%0a%0aSantas little helper rspamd%0arspamd will cover all the extra needs we have today when running a mail server out in the wild. It provides a highly customizable and trainable spam filter, malware filter, greylisting and DKIM signing.%0a%0aWhile most modules work out of the box the DKIM signing needs configuration in order to find the key it should use to sign mails. Create the /etc/rspamd/local.d/dkim_signing.conf containing this:%0a%0a[@%0aallow_username_mismatch = true;%0asign_networks = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a%0adomain {%0a example.net {%0a path = "/etc/mail/dkim/example.net.key";%0a selector = "default";%0a }%0a}%0a@]%0a%0aThe line sign_networks is only needed if you have other servers in the same domain that will use this MX as relay.%0a%0aFurthermore you have to tell rspamd under which circumstances it should perform DKIM signing only. The common cases for this are mails from authenticated users and mails from other systems in the same domain. In /etc/rspamd/local.d/settings.conf add the following two blocks:%0a%0a[@%0asign_auth {%0a id = "sign_auth";%0a authenticated = true;%0a apply {%0a symbols_enabled = ["DKIM_SIGNED"];%0a flags = ["skip_process"];%0a }%0a}%0a%0asign_only {%0a id = "sign_only";%0a ip = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a apply {%0a symbols_enabled = ["DKIM_SIGNED"];%0a flags = ["skip_process"];%0a }%0a}%0a@]%0a%0aIn case you use ClamAV for malware scanning this module of rspamd needs some configuration too. Create the file /etc/rspamd/local.d/antivirus.conf with the following content:%0a%0a[@%0aclamav {%0a action = "reject";%0a message = '${SCANNER}: virus found: "${VIRUS}"';%0a scan_mime_parts = true;%0a scan_image_mime = false;%0a symbol = "CLAM_VIRUS";%0a type = "clamav";%0a prefix = "rs_cl_";%0a servers = "/var/clamav/clamd.sock";%0a whitelist = "${DBDIR}/wl_antivirus.map.local";%0a}%0a@]%0a%0aThese settings are very strict by rejecting every mail that scans positive for malware. Depending on your needs you may want to reconsider this and add a high score to the mail instead. This gives you the chance to put into quarantine instead of blocking it completely.%0a%0aIf rspamd keeps misclassifying mails from particular domains you may want to improve the score of those mails by whitelisting these. Create the file /etc/rspamd/local.d/multimap.conf:%0a%0a[@%0aWHITELIST_SENDER_DOMAIN {%0a type = "from";%0a filter = "email:domain";%0a map = "${DBDIR}/wl_sender_domain.map.local";%0a score = -5.0;%0a}%0a@]%0a%0aSome of the modules of rspamd work best using Redis as storage. To make sure all these modules use your local Redis instance create a file /etc/rspamd/local.d/redis.conf containing the following line:%0a%0a[@%0aservers = "/var/run/redis/redis.sock";%0a@]%0a%0aIn case you have not enabled the UNIX domain socket for Redis you can replace the path by localhost so it will use the TCP connection instead.%0a%0aIn case you want to redirect the logging of rspamd from /var/log/rspamd/rspamd.log to the general /var/log/maillog you need to create the file /etc/rspamd/local.d/logging.inc with the following content:%0a%0a[@%0atype = "syslog";%0afacility = "mail";%0alevel = "notice";%0a@]%0a%0aIt is time to enable and start rspamd and its memory storage Redis:%0a%0a[@%0a$ doas rcctl enable redis rspamd%0a$ doas rcctl start redis rspamd%0a@]%0a%0aDovecot as POP3 server%0aFirst, follow the pkg-readme of Dovecot and create an own login class for it in /etc/login.conf:%0a%0a[@%0adovecot:\%0a :openfiles-cur=1024:\%0a :openfiles-max=2048:\%0a :tc=daemon:%0a@]%0a%0aI recommend to you to put the actual configuration of Dovecot into /etc/dovecot/local.conf and leave all the other config files alone (with one exception further down). This way updates won’t destroy your configuration. For a POP3-only configuration the file should look similar to this one:%0a%0a[@%0ahostname = mail.example.net%0alisten = 192.0.2.10, 2001:db8::c000:020a%0alogin_greeting = "%25s.example.net ready"%0amail_home = /home/vmail/%25d/%25n%0amail_location = mbox:~/mbox%0apop3_fast_size_lookups = yes%0apop3_no_flag_updates = yes%0apop3_uidl_format = %25g%0aprotocols = lmtp pop3%0assl = yes%0assl_cert = %3c/etc/ssl/mail.example.net.fullchain.pem%0assl_key = %3c/etc/ssl/private/mail.example.net.key%0assl_dh = %3c/etc/ssl/dh4096.pem%0assl_min_protocol = TLSv1.2%0assl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH%0assl_prefer_server_ciphers = yes%0a%0apassdb {%0a driver = passwd-file%0a args = scheme=blf-crypt /etc/mail/passwd%0a}%0a%0aservice auth {%0a unix_listener auth-userdb {%0a mode = 0600%0a user = vmail%0a }%0a}%0a%0aservice lmtp {%0a user = vmail%0a}%0a%0aservice pop3-login {%0a inet_listener pop3 {%0a address = 127.0.0.1, ::1%0a }%0a}%0a%0aservice stats {%0a unix_listener stats-writer {%0a user = vmail%0a group = _dovecot%0a }%0a}%0a%0auserdb {%0a driver = static%0a args = uid=vmail gid=vmail home=/home/vmail/%25d/%25n%0a}%0a@]%0a%0aThe configuration makes POP3 available on the public IP addresses using TCP port 995 which requires an encrypted connection right from the start. This makes it hard for users to send clear text passwords over an clear text connection. For debugging purposes there is a clear text connection available on localhost TCP port 110.%0a%0aDue to a bug in the config parser of Dovecot you must comment out two lines in /etc/dovecot/conf.d/10-ssl.conf or the loading of the certificate and key files will fail:%0a%0a[@%0a$ doas sed -i "/^ssl_[cert|key]/s/^/#/" /etc/dovecot/conf.d/10-ssl.conf%0a@]%0a%0aCheck your configuration so far by testing the login for mail users with the following commands:%0a%0a[@%0a$ doas doveadm user muser@example.net%0a$ doas doveadm auth login muser@example.net%0a@]%0a%0aThe first command should give you information about the account muser while the second one should check if the password you’ve set for muser is correct.%0a%0aBeside POP3 Dovecot also listens for LMTP connections on the local UNIX socket /var/dovecot/lmtp. OpenSMTPD will use this socket to hand over received mails to Dovecot.%0a%0aOpenSMTPD as mail transport agent%0aYour server probably got another hostname, so make sure OpenSMTPD always identifies with the right name:%0a%0a[@%0a# echo "mail.example.net" > /etc/mail/mailname%0a@]%0a%0aNext, you want to make sure that OpenSMTPD knows about the valid recipient addresses on the system and which of the default addresses get redirected to whom. You define such a table(5) in /etc/mail/virtuals:%0a%0a[@%0aabuse@example.net: muser@example.net%0ahostmaster@example.net: muser@example.net%0apostmaster@example.net: muser@example.net%0amuser@example.net: vmail%0a@]%0a%0aEach valid mailbox on the left side either gets redirected to another valid mailbox defined in this file or to the system user that handles mails for us. Every recipient address that points to the system user will get it’s own mailbox.%0a%0aThere is another table called trusted. You can put IP addresses in it of hosts that you trust although both DNS checks fail for these. For the below example configuration to work you need to create the file at least:%0a%0a[@%0a$ doas touch /etc/mail/trusted%0a@]%0a%0aIf you want to redirect local mails into one of the mailboxes of the domain you should add a line similar to the following one to /etc/mail/aliases:%0a%0a[@%0auser: muser@example.net%0a@]%0a%0aUp next is the actual configuration of OpenSMTPD. I suggest you start out with a fresh /etc/mail/smtpd.conf - either put away the original or clear it first.%0a%0a[@%0aname="mail.example.net"%0a%0atable aliases file:/etc/mail/aliases%0atable passwd passwd:/etc/mail/passwd%0atable trusted file:/etc/mail/trusted%0atable virtuals file:/etc/mail/virtuals%0a%0asmtp ciphers "TLSv1.3:TLSv1.2:!NULL"%0asmtp max-message-size "10M"%0a%0apki $name cert "/etc/ssl/mail.example.net.crt"%0apki $name key "/etc/ssl/private/mail.example.net.key"%0a%0afilter trusted phase connect match src %3ctrusted> bypass%0afilter no_rdns phase connect match !rdns disconnect \%0a "550 rDNS is required around here"%0afilter no_fcrdns phase connect match !fcrdns disconnect \%0a "550 FCrDNS is required around here"%0afilter rspamd proc-exec "filter-rspamd"%0afilter checks chain { trusted, no_rdns, no_fcrdns, rspamd }%0a%0alisten on lo0%0alisten on $name tls pki $name filter checks%0alisten on $name smtps pki $name filter checks%0alisten on $name port submission tls-require pki $name \%0a auth %3cpasswd> filter rspamd%0a%0aaction "local" mbox alias %3caliases>%0aaction "deliver" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvirtuals>%0aaction "outbound" relay%0a%0amatch from local for local action "local"%0amatch from any for domain "example.net" action "deliver"%0amatch from local for any action "outbound"%0amatch auth from any for any action "outbound"%0a@]%0a%0aCheck your configuration and restart smtpd(8):%0a%0a[@%0a$ doas smtpd -n%0a$ doas rcctl restart smtpd%0a@]%0a%0aFirewall rules to go live%0aSo far pf(4) is blocking access to the ports of the daemons you have configured and started. If you are confident that your setup is OK it is time to go live with the services. Add the following rules to /etc/pf.conf:%0a%0a[@%0amail="{ smtp smtps submission pop3s }"%0a%0atable %3cbruteforce> persist file "/etc/pf.bruteforce"%0a%0ablock drop in log quick on egress from %3cbruteforce> to any%0a%0apass in log on egress proto tcp from any to egress port $mail \%0a (max-src-conn 5, max-src-conn-rate 1/1, overload %3cbruteforce> flush)%0a@]%0a%0aThese rules allow traffic to pass to the TCP ports you have configured for OpenSMTPD and Dovecot. Packets from misbehaving clients get dropped silently. Misbehaving is defined as opening more than five connections from the same source IP or opening connections faster that one per second.%0a%0aAfter adding these rules to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a%0a[@%0a$ doas pfctl -nf /etc/pf.conf%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a%0aCatching the slow brute force attackers%0aIf you open one or more ports that require authentication - like 587/tcp (submission) above - you will face brute force attacks sooner or later. Limiting the allowed connections and rates in the pf(4) rule does block common brute force attackers effectively.%0a%0aBut there is this other kind of attackers. Those who try to fly under the radar by only connecting once every minute or so. Although this does not match the definition of a brute force attack, these connections tend to fill the logs. And by guessing common combinations of user name and password they might actually land a lucky punch.%0a%0aOne way to deal with the problem could be to extend the script addbrute.sh with the following lines:%0a%0a# Catch authentication failures from OpenSMTPD%0a%0a[@%0afor id in $(grep failed-command.*AUTH ${logf}) ; do%0a grep ${id}.*address= ${logf} | sed "s/.*address=//;s/ .*//"%0adone >> ${dump}%0a@]%0a%0a# Catch shady connections to POP3%0a%0a[@%0agrep pop3-login.*no auth attempts" ${logf} | sed "s/.*rip=//;s/, .*//" >> ${dump}%0a@]%0a%0aBeware that this script must be run as root and that it might affect your legitimate users as well as any attackers. The script doesn’t have any restrictions about the age of the log entries. This makes it hard to remove false positives from the table without having them readded during the next run of the script.%0a%0a[@%0aTeaching rspamd some lessons%0a@]%0a%0aNo matter how good a spam detection system is, you will have both false positives (messages that are actually not spam) and false negatives (spam messages that are not detected as such). Lucky for you rspamd comes with a web interface to monitor and tune it. By default this web interface is accessible without any kind of authentication. Therefore it is only listening on localhost. The easiest way to access it is using port forwarding of ssh(1). Adding a line like this to ~/.ssh/config should do the trick:%0a%0a[@%0aHost mail.example.net%0a LocalForward 11334 127.0.0.1:11334%0aWhenever you are logged in to mail.example.net using ssh(1) you can access the rspamd web interface in your browser with this link: http://localhost:11334/%0a@]%0a%0aAdding and removing mailboxes%0aAdding an additional mailbox to the server is as easy as using the following three commands:%0a%0a[@%0a# echo "nuser@example.net:$(smtpctl encrypt Password)::::::" >> /etc/mail/passwd%0a# echo "nuser@example.net: vmail" >> /etc/mail/virtuals%0a# smtpctl update table virtuals%0a@]%0a%0aDovecot will take care of creating the required files and folders to store the mails as soon as the first mail arrives to the new mailbox.%0a%0aDisabling a no longer needed mailbox is equally simple:%0a%0a[@%0a# sed -i /nuser@example\.net/d /etc/mail/passwd%0a# sed -i /nuser@example\.net/d /etc/mail/virtuals%0a# smtpctl update table virtuals%0a@]%0a%0aIf you want to remove the mailbox completely including any mails left in it you can issue this command after disabling the mailbox:%0a%0a[@%0a# rm -rf /home/vmail/example.net/nuser%0a@]
+time=1731470836
+author:1731470836=SplinTer
+diff:1731470836:1731470450:=39,47c39,42%0a%3c doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail%0a%3c $ doas mkdir /var/vmail%0a%3c $ doas chown vmail:vmail /var/vmail%0a%3c $ doas chmod 0750 /var/vmail%0a%3c $ doas chown -R _dkimsign:_dkimsign /etc/mail/dkim/%0a%3c $ doas chown _smtpd:_dovecot /etc/mail/passwd%0a%3c $ doas chmod 770 /etc/mail/dkim/%0a%3c $ doas chmod 440 /etc/mail/passwd%0a%3c $ doas find /etc/mail ! -path /etc/mail -exec chmod o-rwx '{}' +%0a---%0a> $ doas useradd -c "Virtual Mail" -d /home/vmail -g =uid -s $(which nologin) vmail%0a> $ doas mkdir /home/vmail%0a> $ doas chown vmail:vmail /home/vmail%0a> $ doas chmod 0750 /home/vmail%0a
+host:1731470836=138.43.182.133
+author:1731470450=SplinTer
+diff:1731470450:1731470450:=1,568d0%0a%3c How to configure a small mail server%0a%3c %0a%3c Introduction%0a%3c Yes, another post about setting up a mail server. I know, there are plenty similar posts already out there… This one is about setting up a mail server on an Internet facing host. It will accept and send mails for a domain, store the accepted mails locally and deliver them using POP3. This is a rather lengthy post because there are quite some pieces to put together.%0a%3c %0a%3c Building blocks%0a%3c I use the following software to build my mail server out in the wild Internet:%0a%3c %0a%3c OpenSMTPD%0a%3c rspamd%0a%3c ClamAV%0a%3c Dovecot%0a%3c Let’s Encrypt%0a%3c OpenSMTPD will handle incoming and outgoing mail using SMTP. rspamd will support it in fighting incoming spam and malware (using ClamAV), and signing outgoing mail using DKIM. Dovecot stores received mail for users and delivers it using POP3. Finally acme-client(8) is used to manage the certificate from Let’s Encrypt.%0a%3c %0a%3c Basic assumptions%0a%3c The configuration I describe in this post is based on some assumptions about the server and its environment:%0a%3c %0a%3c Both IPv4 and IPv6 are used%0a%3c The server is the primary MX for the domain%0a%3c Both OpenSMTPD and Dovecot run on the same server%0a%3c Mail users must authenticate for both, POP3 and SMTP%0a%3c There are only a handful of mail users on this server%0a%3c Mail is just stored on the server until users fetch it%0a%3c This setup is suited for a small domain providing mail services to few users. User management is done manually and mail is stored locally. If this doesn’t fit your needs you might consider using one of the many other mail server guides out there.%0a%3c %0a%3c Before you start installing and configuring any software on your OpenBSD system I suggest that you consider using full disk encryption on it. Especially if your mail server is hosted at some provider.%0a%3c %0a%3c Preparations%0a%3c First you should install the required software packages:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add -i dovecot opensmtpd-extras rspamd opensmtpd-filter-rspamd%0a%3c @]%0a%3c %0a%3c Next you create the system user which will be used for handling mails:%0a%3c %0a%3c [@%0a%3c $ doas useradd -c "Virtual Mail" -d /home/vmail -g =uid -s $(which nologin) vmail%0a%3c $ doas mkdir /home/vmail%0a%3c $ doas chown vmail:vmail /home/vmail%0a%3c $ doas chmod 0750 /home/vmail%0a%3c @]%0a%3c %0a%3c And you create the passwd(5) which will hold the information about the mail users on your system:%0a%3c %0a%3c [@%0a%3c $ smtpctl encrypt 1amApASSw0rd | sed "s/^/muser:/;s/$/::::::/" > passwd%0a%3c $ doas mv passwd /etc/mail/passwd%0a%3c $ doas chown _dovecot:_smtpd /etc/mail/passwd%0a%3c $ doas chmod 0440 /etc/mail/passwd%0a%3c @]%0a%3c %0a%3c If you want to use DKIM to sign your outgoing mail it is time to create the key for it:%0a%3c %0a%3c [@%0a%3c $ doas mkdir /etc/mail/dkim%0a%3c $ doas openssl genrsa -out /etc/mail/dkim/example.net.key 1024%0a%3c $ doas openssl rsa -in /etc/mail/dkim/example.net.key -pubout \%0a%3c > -out /etc/mail/dkim/example.net.pub%0a%3c $ doas chgrp _rspamd /etc/mail/dkim/example.net.key%0a%3c $ doas chmod 0640 /etc/mail/dkim/example.net.key%0a%3c @]%0a%3c %0a%3c There are some entries required in the DNS zone of your domain. The following command will generate a text file ready to import into the zone file:%0a%3c %0a%3c [@%0a%3c $ echo ' MX 10 mail.example.net.' > rrs.txt%0a%3c $ echo ' TXT "v=spf1 mx -all"' >> rrs.txt%0a%3c $ echo 'mail A 192.0.2.10' >> rrs.txt%0a%3c $ echo ' AAAA 2001:db8::c000:020a' >> rrs.txt%0a%3c $ echo 'pop3 CNAME mail' >> rrs.txt%0a%3c $ echo '$ORIGIN _domainkey.example.net.' >> rrs.txt%0a%3c $ pubkey=$(sed /^-/d /etc/mail/dkim/example.net.pub | tr -d '\n')%0a%3c $ echo "default TXT \"v=DKIM1;k=rsa;p=${pubkey}\"" >> rrs.txt%0a%3c @]%0a%3c %0a%3c Certificates from Let’s Encrypt%0a%3c Of course you can use any certificate provider who supports the ACME protocol. I use Let’s Encrypt because they provide certificates for free, which is a huge win if you run a small site like this one.%0a%3c %0a%3c You will use httpd(8) to answer the challenges. Create a /etc/httpd.conf similar to this one:%0a%3c %0a%3c [@%0a%3c server "mail.example.net" {%0a%3c listen on egress port http%0a%3c alias "pop3.example.net"%0a%3c root "/"%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c request strip 2%0a%3c root "/acme"%0a%3c }%0a%3c }%0a%3c %0a%3c types {%0a%3c include "/usr/share/misc/mime.types"%0a%3c }%0a%3c @]%0a%3c %0a%3c Test your configuration, enable and start httpd(8):%0a%3c %0a%3c [@%0a%3c $ doas httpd -n%0a%3c $ doas rcctl enable httpd%0a%3c $ doas rcctl start httpd%0a%3c @]%0a%3c %0a%3c Now acme-client(8) needs to know what to do and with whom. Take /etc/examples/acme-client.conf, adapt it to your needs and save the result as /etc/acme-client.conf:%0a%3c %0a%3c [@%0a%3c authority letsencrypt {%0a%3c api url "https://acme-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-privkey.pem"%0a%3c }%0a%3c %0a%3c authority letsencrypt-staging {%0a%3c api url "https://acme-staging-v02.api.letsencrypt.org/directory"%0a%3c account key "/etc/acme/letsencrypt-staging-privkey.pem"%0a%3c }%0a%3c %0a%3c domain mail.example.net {%0a%3c alternative names {%0a%3c pop3.example.net%0a%3c }%0a%3c domain key "/etc/ssl/private/mail.example.net.key"%0a%3c domain full chain certificate "/etc/ssl/mail.example.net.crt"%0a%3c sign with letsencrypt%0a%3c }%0a%3c @]%0a%3c %0a%3c This config will issue a valid certificate right away. If you feel like testing in the first place, you should change the line sign with to letsencrypt-staging until you feel comfortable with the process.%0a%3c %0a%3c Before you can get your certificate you must make sure pf(4) lets the requests actually pass through to httpd(8). Add a rule similar to the following one to your pf.conf(5):%0a%3c %0a%3c pass in log on egress proto tcp from any to egress port http%0a%3c After adding this rule to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -nf /etc/pf.conf%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a%3c %0a%3c Now you can get your certificate using the following command:%0a%3c %0a%3c [@%0a%3c $ doas acme-client mail.example.net%0a%3c @]%0a%3c %0a%3c Certificates have an expiry date, like groceries. You may want to make sure your certificate gets renewed automatically before it expires. The file /etc/daily.local can take care of this for you:%0a%3c %0a%3c [@%0a%3c #!/bin/sh%0a%3c %0a%3c /usr/sbin/acme-client mail.example.net%0a%3c [[ $? -eq 0 ]] && rcctl restart smtpd dovecot%0a%3c @]%0a%3c %0a%3c Anti-malware shield ClamAV%0a%3c ClamAV will be used by rspamd to scan attachments for malware. To do so you need some configuration for ClamAV first in order to run it as a daemon and to keep the malware database up to date. Or if you run a malware scan server in your environment you can connect rspamd to it.%0a%3c %0a%3c First you configure the daemon freshclam to make sure the malware database of ClamAV stays up to date. The file /etc/freshclam.conf contains the following settings:%0a%3c %0a%3c [@%0a%3c LogTime yes%0a%3c LogSyslog yes%0a%3c LogFacility LOG_DAEMON%0a%3c DatabaseMirror db.ch.clamav.net%0a%3c DatabaseMirror database.clamav.net%0a%3c NotifyClamd /etc/clamd.conf%0a%3c @]%0a%3c %0a%3c Enable and start freshclam now so it has time to update the signature database for ClamAV:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable freshclam%0a%3c $ doas rcctl start freshclam%0a%3c @]%0a%3c %0a%3c Next you configure clamd. In /etc/clamd.conf the following lines are set:%0a%3c %0a%3c [@%0a%3c LogTime yes%0a%3c LogSyslog yes%0a%3c LogFacility LOG_DAEMON%0a%3c TemporaryDirectory /tmp%0a%3c LocalSocket /var/clamav/clamd.sock%0a%3c TCPSocket 3310%0a%3c TCPAddr 127.0.0.1%0a%3c User _clamav%0a%3c DetectPUA yes%0a%3c AlertEncrypted yes%0a%3c AlertEncryptedArchive yes%0a%3c AlertEncryptedDoc yes%0a%3c AlertOLE2Macros yes%0a%3c AlertPhishingSSLMismatch yes%0a%3c AlertPhishingCloak yes%0a%3c MaxRecursion 12%0a%3c @]%0a%3c %0a%3c You may want to study the man page of clamd.conf and consider each of the options named Alert*. Some of these may block attachments you actually don’t want to get blocked on your mail server. As soon as you are happy with your configuration it is time to enable and start clamd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable clamd%0a%3c $ doas rcctl start clamd%0a%3c @]%0a%3c %0a%3c You may get a timeout warning after the start command. Using pgrep(1) you can check if clamd is actually running or not. In most cases it will be running and you can ignore the timeout message.%0a%3c %0a%3c Santas storage bag Redis%0a%3c The preferred storage for rspamd data is Redis. It used to be one of those packages you could just install and start. But not anymore. First of all you will want Redis to listen to a UNIX socket on the local machine. Those come with far less overhead than TCP sockets and therefore speed up the communication between rspamd and Redis. Add the following two lines to /etc/redis/redis.conf:%0a%3c %0a%3c [@%0a%3c unixsocket /var/run/redis/redis.sock%0a%3c unixsocketperm 770%0a%3c @]%0a%3c %0a%3c Make sure that rspamd can write to the socket. Unfortunately Redis does not support setting owner/group for the socket. So you have to make the user _rspamd a member of the group _redis:%0a%3c %0a%3c [@%0a%3c $ doas usermod -G _redis _rspamd%0a%3c @]%0a%3c %0a%3c If the logs of rspamd show messages containing:%0a%3c %0a%3c ERR max number of clients reached%0a%3c it is necessary to increase the number of allowed clients in Redis. By default this is set to 96. You can increase the value by tweaking the setting maxclients in /etc/redis/redis.conf:%0a%3c %0a%3c [@%0a%3c maxclients 128%0a%3c @]%0a%3c %0a%3c You might need to use even higher number, depending on what modules of rspamd you actually use with Redis.%0a%3c %0a%3c Santas little helper rspamd%0a%3c rspamd will cover all the extra needs we have today when running a mail server out in the wild. It provides a highly customizable and trainable spam filter, malware filter, greylisting and DKIM signing.%0a%3c %0a%3c While most modules work out of the box the DKIM signing needs configuration in order to find the key it should use to sign mails. Create the /etc/rspamd/local.d/dkim_signing.conf containing this:%0a%3c %0a%3c [@%0a%3c allow_username_mismatch = true;%0a%3c sign_networks = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a%3c %0a%3c domain {%0a%3c example.net {%0a%3c path = "/etc/mail/dkim/example.net.key";%0a%3c selector = "default";%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c The line sign_networks is only needed if you have other servers in the same domain that will use this MX as relay.%0a%3c %0a%3c Furthermore you have to tell rspamd under which circumstances it should perform DKIM signing only. The common cases for this are mails from authenticated users and mails from other systems in the same domain. In /etc/rspamd/local.d/settings.conf add the following two blocks:%0a%3c %0a%3c [@%0a%3c sign_auth {%0a%3c id = "sign_auth";%0a%3c authenticated = true;%0a%3c apply {%0a%3c symbols_enabled = ["DKIM_SIGNED"];%0a%3c flags = ["skip_process"];%0a%3c }%0a%3c }%0a%3c %0a%3c sign_only {%0a%3c id = "sign_only";%0a%3c ip = ["192.0.2.11", "[2001:db8::c000:020b]"];%0a%3c apply {%0a%3c symbols_enabled = ["DKIM_SIGNED"];%0a%3c flags = ["skip_process"];%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c In case you use ClamAV for malware scanning this module of rspamd needs some configuration too. Create the file /etc/rspamd/local.d/antivirus.conf with the following content:%0a%3c %0a%3c [@%0a%3c clamav {%0a%3c action = "reject";%0a%3c message = '${SCANNER}: virus found: "${VIRUS}"';%0a%3c scan_mime_parts = true;%0a%3c scan_image_mime = false;%0a%3c symbol = "CLAM_VIRUS";%0a%3c type = "clamav";%0a%3c prefix = "rs_cl_";%0a%3c servers = "/var/clamav/clamd.sock";%0a%3c whitelist = "${DBDIR}/wl_antivirus.map.local";%0a%3c }%0a%3c @]%0a%3c %0a%3c These settings are very strict by rejecting every mail that scans positive for malware. Depending on your needs you may want to reconsider this and add a high score to the mail instead. This gives you the chance to put into quarantine instead of blocking it completely.%0a%3c %0a%3c If rspamd keeps misclassifying mails from particular domains you may want to improve the score of those mails by whitelisting these. Create the file /etc/rspamd/local.d/multimap.conf:%0a%3c %0a%3c [@%0a%3c WHITELIST_SENDER_DOMAIN {%0a%3c type = "from";%0a%3c filter = "email:domain";%0a%3c map = "${DBDIR}/wl_sender_domain.map.local";%0a%3c score = -5.0;%0a%3c }%0a%3c @]%0a%3c %0a%3c Some of the modules of rspamd work best using Redis as storage. To make sure all these modules use your local Redis instance create a file /etc/rspamd/local.d/redis.conf containing the following line:%0a%3c %0a%3c [@%0a%3c servers = "/var/run/redis/redis.sock";%0a%3c @]%0a%3c %0a%3c In case you have not enabled the UNIX domain socket for Redis you can replace the path by localhost so it will use the TCP connection instead.%0a%3c %0a%3c In case you want to redirect the logging of rspamd from /var/log/rspamd/rspamd.log to the general /var/log/maillog you need to create the file /etc/rspamd/local.d/logging.inc with the following content:%0a%3c %0a%3c [@%0a%3c type = "syslog";%0a%3c facility = "mail";%0a%3c level = "notice";%0a%3c @]%0a%3c %0a%3c It is time to enable and start rspamd and its memory storage Redis:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable redis rspamd%0a%3c $ doas rcctl start redis rspamd%0a%3c @]%0a%3c %0a%3c Dovecot as POP3 server%0a%3c First, follow the pkg-readme of Dovecot and create an own login class for it in /etc/login.conf:%0a%3c %0a%3c [@%0a%3c dovecot:\%0a%3c :openfiles-cur=1024:\%0a%3c :openfiles-max=2048:\%0a%3c :tc=daemon:%0a%3c @]%0a%3c %0a%3c I recommend to you to put the actual configuration of Dovecot into /etc/dovecot/local.conf and leave all the other config files alone (with one exception further down). This way updates won’t destroy your configuration. For a POP3-only configuration the file should look similar to this one:%0a%3c %0a%3c [@%0a%3c hostname = mail.example.net%0a%3c listen = 192.0.2.10, 2001:db8::c000:020a%0a%3c login_greeting = "%25s.example.net ready"%0a%3c mail_home = /home/vmail/%25d/%25n%0a%3c mail_location = mbox:~/mbox%0a%3c pop3_fast_size_lookups = yes%0a%3c pop3_no_flag_updates = yes%0a%3c pop3_uidl_format = %25g%0a%3c protocols = lmtp pop3%0a%3c ssl = yes%0a%3c ssl_cert = %3c/etc/ssl/mail.example.net.fullchain.pem%0a%3c ssl_key = %3c/etc/ssl/private/mail.example.net.key%0a%3c ssl_dh = %3c/etc/ssl/dh4096.pem%0a%3c ssl_min_protocol = TLSv1.2%0a%3c ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH%0a%3c ssl_prefer_server_ciphers = yes%0a%3c %0a%3c passdb {%0a%3c driver = passwd-file%0a%3c args = scheme=blf-crypt /etc/mail/passwd%0a%3c }%0a%3c %0a%3c service auth {%0a%3c unix_listener auth-userdb {%0a%3c mode = 0600%0a%3c user = vmail%0a%3c }%0a%3c }%0a%3c %0a%3c service lmtp {%0a%3c user = vmail%0a%3c }%0a%3c %0a%3c service pop3-login {%0a%3c inet_listener pop3 {%0a%3c address = 127.0.0.1, ::1%0a%3c }%0a%3c }%0a%3c %0a%3c service stats {%0a%3c unix_listener stats-writer {%0a%3c user = vmail%0a%3c group = _dovecot%0a%3c }%0a%3c }%0a%3c %0a%3c userdb {%0a%3c driver = static%0a%3c args = uid=vmail gid=vmail home=/home/vmail/%25d/%25n%0a%3c }%0a%3c @]%0a%3c %0a%3c The configuration makes POP3 available on the public IP addresses using TCP port 995 which requires an encrypted connection right from the start. This makes it hard for users to send clear text passwords over an clear text connection. For debugging purposes there is a clear text connection available on localhost TCP port 110.%0a%3c %0a%3c Due to a bug in the config parser of Dovecot you must comment out two lines in /etc/dovecot/conf.d/10-ssl.conf or the loading of the certificate and key files will fail:%0a%3c %0a%3c [@%0a%3c $ doas sed -i "/^ssl_[cert|key]/s/^/#/" /etc/dovecot/conf.d/10-ssl.conf%0a%3c @]%0a%3c %0a%3c Check your configuration so far by testing the login for mail users with the following commands:%0a%3c %0a%3c [@%0a%3c $ doas doveadm user muser@example.net%0a%3c $ doas doveadm auth login muser@example.net%0a%3c @]%0a%3c %0a%3c The first command should give you information about the account muser while the second one should check if the password you’ve set for muser is correct.%0a%3c %0a%3c Beside POP3 Dovecot also listens for LMTP connections on the local UNIX socket /var/dovecot/lmtp. OpenSMTPD will use this socket to hand over received mails to Dovecot.%0a%3c %0a%3c OpenSMTPD as mail transport agent%0a%3c Your server probably got another hostname, so make sure OpenSMTPD always identifies with the right name:%0a%3c %0a%3c [@%0a%3c # echo "mail.example.net" > /etc/mail/mailname%0a%3c @]%0a%3c %0a%3c Next, you want to make sure that OpenSMTPD knows about the valid recipient addresses on the system and which of the default addresses get redirected to whom. You define such a table(5) in /etc/mail/virtuals:%0a%3c %0a%3c [@%0a%3c abuse@example.net: muser@example.net%0a%3c hostmaster@example.net: muser@example.net%0a%3c postmaster@example.net: muser@example.net%0a%3c muser@example.net: vmail%0a%3c @]%0a%3c %0a%3c Each valid mailbox on the left side either gets redirected to another valid mailbox defined in this file or to the system user that handles mails for us. Every recipient address that points to the system user will get it’s own mailbox.%0a%3c %0a%3c There is another table called trusted. You can put IP addresses in it of hosts that you trust although both DNS checks fail for these. For the below example configuration to work you need to create the file at least:%0a%3c %0a%3c [@%0a%3c $ doas touch /etc/mail/trusted%0a%3c @]%0a%3c %0a%3c If you want to redirect local mails into one of the mailboxes of the domain you should add a line similar to the following one to /etc/mail/aliases:%0a%3c %0a%3c [@%0a%3c user: muser@example.net%0a%3c @]%0a%3c %0a%3c Up next is the actual configuration of OpenSMTPD. I suggest you start out with a fresh /etc/mail/smtpd.conf - either put away the original or clear it first.%0a%3c %0a%3c [@%0a%3c name="mail.example.net"%0a%3c %0a%3c table aliases file:/etc/mail/aliases%0a%3c table passwd passwd:/etc/mail/passwd%0a%3c table trusted file:/etc/mail/trusted%0a%3c table virtuals file:/etc/mail/virtuals%0a%3c %0a%3c smtp ciphers "TLSv1.3:TLSv1.2:!NULL"%0a%3c smtp max-message-size "10M"%0a%3c %0a%3c pki $name cert "/etc/ssl/mail.example.net.crt"%0a%3c pki $name key "/etc/ssl/private/mail.example.net.key"%0a%3c %0a%3c filter trusted phase connect match src %3ctrusted> bypass%0a%3c filter no_rdns phase connect match !rdns disconnect \%0a%3c "550 rDNS is required around here"%0a%3c filter no_fcrdns phase connect match !fcrdns disconnect \%0a%3c "550 FCrDNS is required around here"%0a%3c filter rspamd proc-exec "filter-rspamd"%0a%3c filter checks chain { trusted, no_rdns, no_fcrdns, rspamd }%0a%3c %0a%3c listen on lo0%0a%3c listen on $name tls pki $name filter checks%0a%3c listen on $name smtps pki $name filter checks%0a%3c listen on $name port submission tls-require pki $name \%0a%3c auth %3cpasswd> filter rspamd%0a%3c %0a%3c action "local" mbox alias %3caliases>%0a%3c action "deliver" lmtp "/var/dovecot/lmtp" rcpt-to virtual %3cvirtuals>%0a%3c action "outbound" relay%0a%3c %0a%3c match from local for local action "local"%0a%3c match from any for domain "example.net" action "deliver"%0a%3c match from local for any action "outbound"%0a%3c match auth from any for any action "outbound"%0a%3c @]%0a%3c %0a%3c Check your configuration and restart smtpd(8):%0a%3c %0a%3c [@%0a%3c $ doas smtpd -n%0a%3c $ doas rcctl restart smtpd%0a%3c @]%0a%3c %0a%3c Firewall rules to go live%0a%3c So far pf(4) is blocking access to the ports of the daemons you have configured and started. If you are confident that your setup is OK it is time to go live with the services. Add the following rules to /etc/pf.conf:%0a%3c %0a%3c [@%0a%3c mail="{ smtp smtps submission pop3s }"%0a%3c %0a%3c table %3cbruteforce> persist file "/etc/pf.bruteforce"%0a%3c %0a%3c block drop in log quick on egress from %3cbruteforce> to any%0a%3c %0a%3c pass in log on egress proto tcp from any to egress port $mail \%0a%3c (max-src-conn 5, max-src-conn-rate 1/1, overload %3cbruteforce> flush)%0a%3c @]%0a%3c %0a%3c These rules allow traffic to pass to the TCP ports you have configured for OpenSMTPD and Dovecot. Packets from misbehaving clients get dropped silently. Misbehaving is defined as opening more than five connections from the same source IP or opening connections faster that one per second.%0a%3c %0a%3c After adding these rules to /etc/pf.conf check the file and load it into pf(4) with the following commands:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -nf /etc/pf.conf%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a%3c %0a%3c Catching the slow brute force attackers%0a%3c If you open one or more ports that require authentication - like 587/tcp (submission) above - you will face brute force attacks sooner or later. Limiting the allowed connections and rates in the pf(4) rule does block common brute force attackers effectively.%0a%3c %0a%3c But there is this other kind of attackers. Those who try to fly under the radar by only connecting once every minute or so. Although this does not match the definition of a brute force attack, these connections tend to fill the logs. And by guessing common combinations of user name and password they might actually land a lucky punch.%0a%3c %0a%3c One way to deal with the problem could be to extend the script addbrute.sh with the following lines:%0a%3c %0a%3c # Catch authentication failures from OpenSMTPD%0a%3c %0a%3c [@%0a%3c for id in $(grep failed-command.*AUTH ${logf}) ; do%0a%3c grep ${id}.*address= ${logf} | sed "s/.*address=//;s/ .*//"%0a%3c done >> ${dump}%0a%3c @]%0a%3c %0a%3c # Catch shady connections to POP3%0a%3c %0a%3c [@%0a%3c grep pop3-login.*no auth attempts" ${logf} | sed "s/.*rip=//;s/, .*//" >> ${dump}%0a%3c @]%0a%3c %0a%3c Beware that this script must be run as root and that it might affect your legitimate users as well as any attackers. The script doesn’t have any restrictions about the age of the log entries. This makes it hard to remove false positives from the table without having them readded during the next run of the script.%0a%3c %0a%3c [@%0a%3c Teaching rspamd some lessons%0a%3c @]%0a%3c %0a%3c No matter how good a spam detection system is, you will have both false positives (messages that are actually not spam) and false negatives (spam messages that are not detected as such). Lucky for you rspamd comes with a web interface to monitor and tune it. By default this web interface is accessible without any kind of authentication. Therefore it is only listening on localhost. The easiest way to access it is using port forwarding of ssh(1). Adding a line like this to ~/.ssh/config should do the trick:%0a%3c %0a%3c [@%0a%3c Host mail.example.net%0a%3c LocalForward 11334 127.0.0.1:11334%0a%3c Whenever you are logged in to mail.example.net using ssh(1) you can access the rspamd web interface in your browser with this link: http://localhost:11334/%0a%3c @]%0a%3c %0a%3c Adding and removing mailboxes%0a%3c Adding an additional mailbox to the server is as easy as using the following three commands:%0a%3c %0a%3c [@%0a%3c # echo "nuser@example.net:$(smtpctl encrypt Password)::::::" >> /etc/mail/passwd%0a%3c # echo "nuser@example.net: vmail" >> /etc/mail/virtuals%0a%3c # smtpctl update table virtuals%0a%3c @]%0a%3c %0a%3c Dovecot will take care of creating the required files and folders to store the mails as soon as the first mail arrives to the new mailbox.%0a%3c %0a%3c Disabling a no longer needed mailbox is equally simple:%0a%3c %0a%3c [@%0a%3c # sed -i /nuser@example\.net/d /etc/mail/passwd%0a%3c # sed -i /nuser@example\.net/d /etc/mail/virtuals%0a%3c # smtpctl update table virtuals%0a%3c @]%0a%3c %0a%3c If you want to remove the mailbox completely including any mails left in it you can issue this command after disabling the mailbox:%0a%3c %0a%3c [@%0a%3c # rm -rf /home/vmail/example.net/nuser%0a%3c @]%0a\ No newline at end of file%0a
+host:1731470450=138.43.182.133
blob - 95ff1912bf253522180408ec7766cd4b92bc2b73
blob + de08411f4975590ee2c3272b46c3ec494a45a525
--- wiki.d/Kill.RecentChanges
+++ wiki.d/Kill.RecentChanges
-version=pmwiki-2.2.130 ordered=1 urlencoded=1
-agent=w3m/0.5.3+git20210102
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
charset=UTF-8
ctime=1627443746
-host=38.87.162.8
+host=198.251.82.194
name=Kill.RecentChanges
-rev=1
-text=* [[Kill/Usage]] . . . July 28, 2021, at 03:42 AM by [[~jrmu]]: [==]%0a
-time=1627443746
+rev=2
+text=* [[Kill/Usage]] . . . @2024-11-14T02:25:25Z by [[~jrmu]]: [==]%0a
+time=1731551125
blob - 3482b4f64f370fbf076625054dfeaf0ab349c3df
blob + 77ee9f592bd0e437c183be6d452998ad1a4d8103
--- wiki.d/Kill.Usage
+++ wiki.d/Kill.Usage
-version=pmwiki-2.2.130 ordered=1 urlencoded=1
-agent=w3m/0.5.3+git20210102
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
author=jrmu
charset=UTF-8
csum=
ctime=1627443746
-host=38.87.162.8
+host=198.251.82.194
name=Kill.Usage
-rev=1
-targets=
-text=
-time=1627443746
+rev=2
+targets=Ps.Usage
+text=(:title Using kill:)%0a%0aTo [[https://man.openbsd.org/kill.1|kill(1)]] a process, first find its process%0aID using [[ps/usage]], then:%0a%0a[@%0a$ kill $PID%0a@]%0a%0aReplace $PID with the actual process ID.%0a%0aTo kill a process by name, use [[https://man.openbsd.org/pkill.1|pkill(1)]].%0aFor example, to kill the web server:%0a%0a[@%0a$ doas pkill httpd%0a@]%0a%0a'''WARNING''': Use pkill with caution! The pkill will kill any process that%0amatches the string, including processes you did not intend to kill! It's safer%0ato use [[ps/usage|ps]] to find the process ID, then to use%0a[[https://man.openbsd.org/kill.1|kill(1)]].%0a
+time=1731551125
+title=Using kill
+author:1731551125=jrmu
+diff:1731551125:1627443746:=1,22d0%0a%3c (:title Using kill:)%0a%3c %0a%3c To [[https://man.openbsd.org/kill.1|kill(1)]] a process, first find its process%0a%3c ID using [[ps/usage]], then:%0a%3c %0a%3c [@%0a%3c $ kill $PID%0a%3c @]%0a%3c %0a%3c Replace $PID with the actual process ID.%0a%3c %0a%3c To kill a process by name, use [[https://man.openbsd.org/pkill.1|pkill(1)]].%0a%3c For example, to kill the web server:%0a%3c %0a%3c [@%0a%3c $ doas pkill httpd%0a%3c @]%0a%3c %0a%3c '''WARNING''': Use pkill with caution! The pkill will kill any process that%0a%3c matches the string, including processes you did not intend to kill! It's safer%0a%3c to use [[ps/usage|ps]] to find the process ID, then to use%0a%3c [[https://man.openbsd.org/kill.1|kill(1)]].%0a
+host:1731551125=198.251.82.194
author:1627443746=jrmu
diff:1627443746:1627443746:=
host:1627443746=38.87.162.8
blob - 545096c724660b6fef560dc6fa8a50005c093d53
blob + e2df9d6f930a651a218c710f70d7fdd94ec637c5
--- wiki.d/Openhttpd.RecentChanges
+++ wiki.d/Openhttpd.RecentChanges
ctime=1613835047
host=198.251.82.194
name=Openhttpd.RecentChanges
-rev=138
-text=* [[Openhttpd/Tls]] . . . @2024-11-13T01:49:55Z by [[~jrmu]]: [=fix broken link=]%0a* [[Openhttpd/Configure]] . . . @2024-11-12T06:25:34Z by [[~jrmu]]: [==]%0a* [[Openhttpd/Website]] . . . @2024-08-13T16:38:36Z by [[~barth]]: [==]%0a* [[Openhttpd/Hosting]] . . . @2024-06-02T00:45:01Z by [[~LohanG]]: [=corrected a link to httpd man page=]%0a* [[Openhttpd/Perl]] . . . @2023-04-29T22:38:05Z by [[~izzyb]]: [==]%0a* [[Openhttpd/Chroot]] . . . April 19, 2022, at 04:05 PM by [[~jrmu]]: [==]%0a* [[Openhttpd/CGI]] . . . April 05, 2022, at 04:22 PM by [[~gtlsgamr]]: [==]%0a
-time=1731462595
+rev=146
+text=* [[Openhttpd/Tls]] . . . @2024-11-14T02:49:41Z by [[~jrmu]]: [==]%0a* [[Openhttpd/Configure]] . . . @2024-11-12T06:25:34Z by [[~jrmu]]: [==]%0a* [[Openhttpd/Website]] . . . @2024-08-13T16:38:36Z by [[~barth]]: [==]%0a* [[Openhttpd/Hosting]] . . . @2024-06-02T00:45:01Z by [[~LohanG]]: [=corrected a link to httpd man page=]%0a* [[Openhttpd/Perl]] . . . @2023-04-29T22:38:05Z by [[~izzyb]]: [==]%0a* [[Openhttpd/Chroot]] . . . April 19, 2022, at 04:05 PM by [[~jrmu]]: [==]%0a* [[Openhttpd/CGI]] . . . April 05, 2022, at 04:22 PM by [[~gtlsgamr]]: [==]%0a
+time=1731552581
blob - 689689ae5096253545180b21a3758bc41ef59623
blob + 6b8b40153b848144d8e4c5937cee01d526739dfc
--- wiki.d/Openhttpd.Tls
+++ wiki.d/Openhttpd.Tls
agent=w3m/0.5.3+git20230121
author=jrmu
charset=UTF-8
-csum=fix broken link
+csum=
ctime=1649022849
host=198.251.82.194
name=Openhttpd.Tls
-rev=15
-targets=Tls.Intro,Openhttpd.Configure,Acme-client.Configure,Rcctl.Usage,Openssl.Http,Openhttpd.Website,Crontab.Edit,Pf.Guide
-text=(:title TLS for OpenHTTPd:)%0a%0aThis guide shows you how to enable [[tls/intro|TLS]] for [[openhttpd/configure|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a%0a!! Docs and references%0a%0aConsult [[https://man.openbsd.org/httpd|httpd]], [[https://man.openbsd.org/httpd.conf|httpd.conf]], [[https://man.openbsd.org/acme-client|acme-client]], and [[https://man.openbsd.org/acme-client|acme-client.conf]] man pages. [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]] also contains many helpful examples.%0a%0a!! Configuring%0a%0aIn the previous guide, we used /etc/examples/httpd.conf as a template for /etc/httpd.conf:%0a%0a[@%0aserver "example.com" {%0a listen on * port 80%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a location * {%0a block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a }%0a }%0a%0aserver "example.com" {%0a listen on * tls port 443%0a tls {%0a certificate "/etc/ssl/example.com.crt"%0a key "/etc/ssl/private/example.com.key"%0a }%0a location "/pub/*" {%0a directory auto index%0a }%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a}%0a@]%0a%0a'''NOTE''': You must replace example.com with your own domain%0a%0aWe commented out the second block in the [[openhttpd/configure|basic OpenHTTPd guide]] because we did not yet request TLS certs yet. Now that we have certs from [[acme-client/configure|acme-client]], we uncomment the second block.%0a%0a!! TLS Block Explained%0a%0aHere is a line-by-line description of the TLS block:%0a%0a[@%0aserver "example.com" {%0a listen on * tls port 443%0a tls {%0a certificate "/etc/ssl/example.com.crt"%0a key "/etc/ssl/private/example.com.key"%0a }%0a location "/pub/*" {%0a directory auto index%0a }%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a}%0a@]%0a%0aLines 2-6 tells the web server to listen on all IPs on port 443. As a result, we need a tls block to specify which SSL certs to use. Again, it is necessary to replace @@example.com@@ with your actual hostname.%0a%0aLines 7-9 say that, for any request beginning with https://example.com/pub/, the web server should automatically show a directory listing. Normally this is not a good idea for security reasons, but for a public folder, it should be fine.%0a%0aIn a normal production server, if OpenHTTPd is already running, reloading is best to avoid downtime:%0a%0a[@%0a$ doas rcctl reload httpd%0a@]%0a%0aFor your first test however, you will want to [[rcctl/usage|stop OpenHTTPd]]:%0a%0a[@%0a$ doas rcctl stop httpd%0a@]%0a%0aThen, check that your configuration is valid:%0a%0a[@%0a$ doas httpd -n%0a@]%0a%0aOnce you are certain it has been configured properly, you can start the server:%0a%0a[@%0a$ doas rcctl start httpd%0a@]%0a%0a!! Testing%0a%0aTo test if your web server has a working SSL cert, use [[openssl/http|openssl]]:%0a%0a[@%0a$ openssl s_client -connect example.com:443%0a@]%0a%0a'''NOTE''': You must replace @@example.com@@ with your actual hostname.%0a%0aYou should see the correct SSL subject and issuer:%0a%0a[@%0a$ openssl s_client -connect example.org:443%0aCONNECTED(00000003)%0adepth=2 O = Digital Signature Trust Co., CN = DST Root CA X3%0averify return:1%0adepth=1 C = US, O = Let's Encrypt, CN = R3%0averify return:1%0adepth=0 CN = example.com%0averify return:1%0adepth=0 CN = example.com%0averify return:1%0awrite W BLOCK%0a---%0aCertificate chain%0a 0 s:/CN=example.com%0a i:/C=US/O=Let's Encrypt/CN=R3%0a 1 s:/C=US/O=Let's Encrypt/CN=R3%0a i:/O=Digital Signature Trust Co./CN=DST Root CA X3%0a---%0aServer certificate%0a-----BEGIN CERTIFICATE-----%0a...%0a-----END CERTIFICATE-----%0asubject=/CN=example.com%0aissuer=/C=US/O=Let's Encrypt/CN=R3%0a---%0aNo client certificate CA names sent%0aServer Temp Key: ECDH, X25519, 253 bits%0a---%0aSSL handshake has read 3730 bytes and written 367 bytes%0a---%0aNew, TLSv1/SSLv3, Cipher is AEAD-AES256-GCM-SHA384%0aServer public key is 4096 bit%0aSecure Renegotiation IS NOT supported%0aCompression: NONE%0aExpansion: NONE%0aNo ALPN negotiated%0aSSL-Session:%0a Protocol : TLSv1.3%0a Cipher : AEAD-AES256-GCM-SHA384%0a Session-ID:%0a Session-ID-ctx:%0a Master-Key:%0a Start Time: 1614233943%0a Timeout : 7200 (sec)%0a Verify return code: 0 (ok)%0a---%0a@]%0a%0aYou can also visit the website using your web browser. Open your web browser to @@https://example.com@@. If you see an error such as 403 Forbidden, it may mean you have not [[openhttpd/website|set up a website]].%0a%0aLook for the SSL padlock in the address bar (which indicates your site is secure), then view more information about the certificate:%0a%0aAttach:ssl-cert.png%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your site.%0a%0aWe can automate the request process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 300 && rcctl reload httpd%0a@]%0a%0aThis cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 300 seconds, then reload openhttpd to use it.%0a%0a!!! Troubleshooting%0a%0aIf you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 443.%0a%0aYou can ensure pf allows incoming http connections by putting this line into /etc/pf.conf:%0a%0a[@%0apass in quick proto tcp to port {http https}%0a@]%0a%0aThen, reload the pf rulesets:%0a%0a[@%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a
-time=1731462595
+rev=23
+targets=Tls.Intro,Openhttpd.Configure,Acme-client.Configure,Relayd.Acceleration,Rcctl.Usage,Ps.Usage,Kill.Usage,Openssl.Http,Netcat.Http,Telnet.Http,Openhttpd.Website,Crontab.Edit,Pf.Guide
+text=(:title TLS for OpenHTTPd:)%0a%0aThis guide shows you how to enable [[tls/intro|TLS]] for%0a[[openhttpd/configure|OpenHTTPd]]. It assumes you have already set up%0a[[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have%0asuccessfully requested TLS certs using [[acme-client/configure|acme-client]].%0a%0a%0a!! Configuring%0a%0aIn the [[openhttpd/configure|plaintext OpenHTTPd]] guide, we used%0a@@/etc/examples/httpd.conf@@ as a template for%0a[[https://man.openbsd.org/httpd.conf.5|httpd.conf(5)]], with two sections%0acommented out:%0a%0a[@%0aserver "example.com" {%0a listen on * port 80%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a# location * {%0a# block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a# }%0a}%0a%0a#server "example.com" {%0a# listen on * tls port 443%0a# tls {%0a# certificate "/etc/ssl/example.com.fullchain.pem"%0a# key "/etc/ssl/private/example.com.key"%0a# }%0a# location "/pub/*" {%0a# directory auto index%0a# }%0a# location "/.well-known/acme-challenge/*" {%0a# root "/acme"%0a# request strip 2%0a# }%0a#}%0a@]%0a%0a'''NOTE''': You must replace example.com with your own domain%0a%0aWe commented out these two sections because we did not yet request TLS certs.%0aNow that we have certs from [[acme-client/configure|acme-client]], we will%0auncomment the second block.%0a%0a!! TLS Block Explained%0a%0aBelow, we have uncommented the block (and made one significant change). We will%0aprovide a line-by-line description of the TLS block:%0a%0a[@%0aserver "example.com" {%0a listen on * tls port 443%0a tls {%0a certificate "/etc/ssl/example.com.crt"%0a key "/etc/ssl/private/example.com.key"%0a }%0a location "/pub/*" {%0a directory auto index%0a }%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a}%0a@]%0a%0aFirst note that in line 4 above, we changed the certificate from%0a@@/etc/ssl/example.com.fullchain.pem@@ to @@/etc/ssl/example.com.crt@@%0a%0aHere, we deviate from the example%0a[[https://man.openbsd.org/httpd.conf.5|httpd.conf(5)]] because we later plan to%0ause [[relayd/acceleration|relayd]] to provide SSL acceleration, and%0a[[relayd/acceleration|relayd]] hard codes the paths it searches for the public%0aand private keypair. [[https://man.openbsd.org/relayd.8|relayd(8)]] will only%0asearch for public certificates that end in the @@.crt@@ suffix; it will ignore%0acertificates that end with the suffix @@.fullchain.pem@@.%0a%0aLines 2-6 tells the web server to listen on all IPs on port 443. As a result,%0awe need a TLS block to specify which certs to use.%0a%0aLines 7-9 say that, for any request beginning with https://example.com/pub/,%0athe web server should automatically show a directory listing. Normally this is%0anot a good idea for security reasons, but for a public folder, it should be%0afine.%0a%0a'''Note''': You can (optionally) leave the 302 forwarding block commented out:%0a%0a[@%0a# location * {%0a# block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a# }%0a@]%0a%0aWe recommend leaving this block commented out because some (old) web browsers%0ado not support modern TLS, and so allowing plaintext access can improve%0aaccessibility. Plaintext access may be important in some restrictive countries%0athat prohibit modern TLS.%0a%0aIn a normal production server, if OpenHTTPd is already running, reloading is%0abest to avoid downtime:%0a%0a[@%0a$ doas rcctl reload httpd%0a@]%0a%0aFor your first test however, you will want to [[rcctl/usage|stop OpenHTTPd]]:%0a%0a[@%0a$ doas rcctl stop httpd%0a@]%0a%0aUse [[ps/usage|ps]] or [[ps/usage|pgrep]] to ensure%0athat all [[https://man.openbsd.org/httpd.8|httpd(8]]) processes have been%0astopped:%0a%0a[@%0a$ pgrep httpd%0a@]%0a%0aIf all httpd processes have been stopped, you should see no output. If you see%0aa number representing a process ID, see the guides on [[kill/usage|killing processes]].%0a%0aThen, check that your configuration is valid:%0a%0a[@%0a$ doas httpd -n%0a@]%0a%0aOnce you are certain it has been configured properly, you can start the server:%0a%0a[@%0a$ doas rcctl start httpd%0a@]%0a%0a!! Testing%0a%0aTo test if your web server has a working SSL cert, use [[openssl/http|openssl]]:%0a%0a[@%0a$ openssl s_client -connect example.com:443%0a@]%0a%0a'''NOTE''': You must replace @@example.com@@ with your actual hostname.%0a%0aYou should see the correct SSL subject and issuer:%0a%0a[@%0a$ openssl s_client -connect example.org:443%0aCONNECTED(00000003)%0adepth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1%0averify return:1%0adepth=1 C = US, O = Let's Encrypt, CN = R11%0averify return:1%0adepth=0 CN = example.com%0averify return:1%0a---%0aCertificate chain%0a 0 s:/CN=example.com%0a i:/C=US/O=Let's Encrypt/CN=R11%0a 1 s:/C=US/O=Let's Encrypt/CN=R11%0a i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1%0a---%0aServer certificate%0a-----BEGIN CERTIFICATE-----%0aMIIF+jCCBOKgAwIBAgISBBiSmYI1JcgnGriQsYnjgYNaMA0GCSqGSIb3DQEBCwUA%0aMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD%0aEwNSMTEwHhcNMjQxMTE0MDAzNjU3WhcNMjUwMjEyMDAzNjU2WjAfMR0wGwYDVQQD%0aExRqcm11Lmhvc3QuaXJjbm93Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC%0aAgoCggIBANuLaDDkipvSVq4lPmSymFhbnqt7Exv3LRmzq6YvqzWpLOd1wkHNXFHg%0ayxCE6AbVdz3jqZT00sVO1uF/A3YdN63qlziWJFP1GaCZzcyuJ7a2NAVX/igggxO3%0aguwzlfFh844AoudJ3+KPBCGfCmI8qWftjOTIz4/huCr3CRsPwuABySWKGh/p9n+3%0awJE5EU425hkiTGGDNhF65aU8B/cT3clhdkFKwcNGEX4vkrQwlZeF43Mj9cQf3G3v%0auAOdP0DEGqhxyYQUrsGP/ml9S99VnQ91hxta1J4EYwTqCnG4UwyZ/unFJ3vRpajQ%0a/8LKkVPBQxKaREJNafB0cv29sEqE2RTBWzot8RT6mSFN59b07O7m4pxqHs+OenkW%0altH3lM9pwrFBc0RLipAXkkgauVSohBH7SbVuMDIwCMYFdOHCBRqgW6eDTk+hhklh%0anXWR0JJ2lRF1IUQQjduJWadEUDK9O/iUfLfnZr1a5ZfjXs4dlFqVU8NUQWQd3G5J%0a9d4iCX7VkEigXlJrxTgbohFLkPzeDiSPqdwKqx1GMEWLxrW65a71UR81AJEYTJJE%0aixOwGEb1kXtGEqKhM4CYywBLKiDNOEoMPsRg3UsOfHS1eaSDF6io42brmhKILAJL%0aSP5CTPZw5LYKaqc+aO13keucLBTne5+aWhaQBD0ihqsssYPlxFehAgMBAAGjggIa%0aMIICFjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF%0aBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAVeGed5J7eod57c69KSUDiVDq7m%0aMB8GA1UdIwQYMBaAFMXPRqTq9MPAemyVxC2wXpIvJuO5MFcGCCsGAQUFBwEBBEsw%0aSTAiBggrBgEFBQcwAYYWaHR0cDovL3IxMS5vLmxlbmNyLm9yZzAjBggrBgEFBQcw%0aAoYXaHR0cDovL3IxMS5pLmxlbmNyLm9yZy8wHwYDVR0RBBgwFoIUanJtdS5ob3N0%0aLmlyY25vdy5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEGBgorBgEEAdZ5AgQC%0aBIH3BIH0APIAdwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZMo%0aT6OZAAAEAwBIMEYCIQD+t4oiZ3lkJeY+nH1glYZjlktnSc31rKjJlBbJwnPTfwIh%0aALwVTA0TNEa2jo5zmOq7nypo7awprI48XnDofYsb7GK+AHcAE0rfGrWYQgl4DG/v%0aTHqRpBa3I0nOWFdq367ap8Kr4CIAAAGTKE+kEwAABAMASDBGAiEA5nosfBa3GTMC%0aRw9xjef4RVpwdvaaRsC8xDZy95CW86ECIQCLSXo2BqI9coah2trzV3gxq0LnEn9r%0aXcciSxO0ZH4mCzANBgkqhkiG9w0BAQsFAAOCAQEApjLhmAFD1bEgI5lxzIcGQrdM%0a3CSgDn7OZEqQS6pbmTGdjk3aiWAUNsNlwBdatdWra171lytEd2wufDf/iN7RWkcK%0a6BK3RZeTsKK8KNdKiV7oXL9Kd/1NpYSHizVN1obqF3Knh1JM+Kes6YXTxod7L1Av%0aozkhle3d61jrUhUz4VEp053pNxi8ylDRd6jeDnIAQbAJlGJapD1P3Sfy0VL+Kprs%0aZoEucBa3ZaSh+JNNS0fxSnl/qKfWlwOSsiMNL8yj7sy6hcVEgWqhMkviGGYpNikY%0aharUihdi26bReT1MXM9nFsYZa20+B1BUGk7Y/0TQ7zo1JtjhSXVIP4pB1zpuwg==%0a-----END CERTIFICATE-----%0asubject=/CN=example.com%0aissuer=/C=US/O=Let's Encrypt/CN=R11%0a---%0aNo client certificate CA names sent%0aServer Temp Key: ECDH, X25519, 253 bits%0a---%0aSSL handshake has read 3645 bytes and written 386 bytes%0a---%0aNew, TLSv1/SSLv3, Cipher is TLS_AES_256_GCM_SHA384%0aServer public key is 4096 bit%0aSecure Renegotiation IS NOT supported%0aCompression: NONE%0aExpansion: NONE%0aNo ALPN negotiated%0aSSL-Session:%0a Protocol : TLSv1.3%0a Cipher : TLS_AES_256_GCM_SHA384%0a Session-ID:%0a Session-ID-ctx:%0a Master-Key:%0a Start Time: 1731552214%0a Timeout : 7200 (sec)%0a Verify return code: 0 (ok)%0a---%0a@]%0a%0aAt this point, you can make normal HTTP GET requests like with%0a[[netcat/http|netcat]] or [[telnet/http|telnet]].%0a%0aYou can also visit the website using your web browser. Open your web browser to%0a@@https://example.com@@. If you see an error such as 403 Forbidden, it may mean%0ayou have not [[openhttpd/website|set up a website]].%0a%0aLook for the SSL padlock in the address bar (which indicates your site is%0asecure), then view more information about the certificate:%0a%0aAttach:ssl-cert.png%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days. As a result, you should automate%0athe renewal of TLS certs. Otherwise, once a cert expires, your users will be%0aconfronted with invalid certificate errors.%0a%0aWe can automate the request process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 300 && rcctl reload httpd%0a@]%0a%0aThis cronjob will check the certificate once each day at a random time to see%0aif it needs to be renewed. If it does, it will renew the cert, wait 300%0aseconds, then reloads [[https://man.openbsd.org/httpd.8|httpd(8)]] to use it.%0a%0a!!! Troubleshooting%0a%0aIf you were unable to establish the connection above, it may be because your%0a[[pf/guide|firewall]] is blocking port 443.%0a%0aYou can ensure pf allows incoming http connections by putting this line into /etc/pf.conf:%0a%0a[@%0apass in quick proto tcp to port {http https}%0a@]%0a%0aThen, reload the pf rulesets:%0a%0a[@%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a%0aSee Also:%0a%0a# [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]]%0acontains many helpful examples.%0a%0a
+time=1731552581
title=TLS for OpenHTTPd
+author:1731552581=jrmu
+diff:1731552581:1731552458:=243,246c243,244%0a%3c Let's Encrypt TLS certs expire after 90 days. As a result, you should automate%0a%3c the renewal of TLS certs. Otherwise, once a cert expires, your users will be%0a%3c confronted with invalid certificate errors.%0a%3c %0a---%0a> Let's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your site.%0a> %0a259,262c257,258%0a%3c This cronjob will check the certificate once each day at a random time to see%0a%3c if it needs to be renewed. If it does, it will renew the cert, wait 300%0a%3c seconds, then reloads [[https://man.openbsd.org/httpd.8|httpd(8)]] to use it.%0a%3c %0a---%0a> This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 300 seconds, then reload openhttpd to use it.%0a> %0a265,266c261%0a%3c If you were unable to establish the connection above, it may be because your%0a%3c [[pf/guide|firewall]] is blocking port 443.%0a---%0a> If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 443.%0a
+host:1731552581=198.251.82.194
+author:1731552458=jrmu
+csum:1731552458=fix usage to http
+diff:1731552458:1731552418:=230c230%0a%3c [[netcat/http|netcat]] or [[telnet/http|telnet]].%0a---%0a> [[netcat/http|netcat]] or [[telnet/usage|telnet]].%0a
+host:1731552458=198.251.82.194
+author:1731552418=jrmu
+diff:1731552418:1731552181:=155c155%0a%3c depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1%0a---%0a> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3%0a157c157%0a%3c depth=1 C = US, O = Let's Encrypt, CN = R11%0a---%0a> depth=1 C = US, O = Let's Encrypt, CN = R3%0a160a161,163%0a> depth=0 CN = example.com%0a> verify return:1%0a> write W BLOCK%0a164,166c167,169%0a%3c i:/C=US/O=Let's Encrypt/CN=R11%0a%3c 1 s:/C=US/O=Let's Encrypt/CN=R11%0a%3c i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1%0a---%0a> i:/C=US/O=Let's Encrypt/CN=R3%0a> 1 s:/C=US/O=Let's Encrypt/CN=R3%0a> i:/O=Digital Signature Trust Co./CN=DST Root CA X3%0a170,201c173%0a%3c MIIF+jCCBOKgAwIBAgISBBiSmYI1JcgnGriQsYnjgYNaMA0GCSqGSIb3DQEBCwUA%0a%3c MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD%0a%3c EwNSMTEwHhcNMjQxMTE0MDAzNjU3WhcNMjUwMjEyMDAzNjU2WjAfMR0wGwYDVQQD%0a%3c ExRqcm11Lmhvc3QuaXJjbm93Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC%0a%3c AgoCggIBANuLaDDkipvSVq4lPmSymFhbnqt7Exv3LRmzq6YvqzWpLOd1wkHNXFHg%0a%3c yxCE6AbVdz3jqZT00sVO1uF/A3YdN63qlziWJFP1GaCZzcyuJ7a2NAVX/igggxO3%0a%3c guwzlfFh844AoudJ3+KPBCGfCmI8qWftjOTIz4/huCr3CRsPwuABySWKGh/p9n+3%0a%3c wJE5EU425hkiTGGDNhF65aU8B/cT3clhdkFKwcNGEX4vkrQwlZeF43Mj9cQf3G3v%0a%3c uAOdP0DEGqhxyYQUrsGP/ml9S99VnQ91hxta1J4EYwTqCnG4UwyZ/unFJ3vRpajQ%0a%3c /8LKkVPBQxKaREJNafB0cv29sEqE2RTBWzot8RT6mSFN59b07O7m4pxqHs+OenkW%0a%3c ltH3lM9pwrFBc0RLipAXkkgauVSohBH7SbVuMDIwCMYFdOHCBRqgW6eDTk+hhklh%0a%3c nXWR0JJ2lRF1IUQQjduJWadEUDK9O/iUfLfnZr1a5ZfjXs4dlFqVU8NUQWQd3G5J%0a%3c 9d4iCX7VkEigXlJrxTgbohFLkPzeDiSPqdwKqx1GMEWLxrW65a71UR81AJEYTJJE%0a%3c ixOwGEb1kXtGEqKhM4CYywBLKiDNOEoMPsRg3UsOfHS1eaSDF6io42brmhKILAJL%0a%3c SP5CTPZw5LYKaqc+aO13keucLBTne5+aWhaQBD0ihqsssYPlxFehAgMBAAGjggIa%0a%3c MIICFjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF%0a%3c BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAVeGed5J7eod57c69KSUDiVDq7m%0a%3c MB8GA1UdIwQYMBaAFMXPRqTq9MPAemyVxC2wXpIvJuO5MFcGCCsGAQUFBwEBBEsw%0a%3c STAiBggrBgEFBQcwAYYWaHR0cDovL3IxMS5vLmxlbmNyLm9yZzAjBggrBgEFBQcw%0a%3c AoYXaHR0cDovL3IxMS5pLmxlbmNyLm9yZy8wHwYDVR0RBBgwFoIUanJtdS5ob3N0%0a%3c LmlyY25vdy5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEGBgorBgEEAdZ5AgQC%0a%3c BIH3BIH0APIAdwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZMo%0a%3c T6OZAAAEAwBIMEYCIQD+t4oiZ3lkJeY+nH1glYZjlktnSc31rKjJlBbJwnPTfwIh%0a%3c ALwVTA0TNEa2jo5zmOq7nypo7awprI48XnDofYsb7GK+AHcAE0rfGrWYQgl4DG/v%0a%3c THqRpBa3I0nOWFdq367ap8Kr4CIAAAGTKE+kEwAABAMASDBGAiEA5nosfBa3GTMC%0a%3c Rw9xjef4RVpwdvaaRsC8xDZy95CW86ECIQCLSXo2BqI9coah2trzV3gxq0LnEn9r%0a%3c XcciSxO0ZH4mCzANBgkqhkiG9w0BAQsFAAOCAQEApjLhmAFD1bEgI5lxzIcGQrdM%0a%3c 3CSgDn7OZEqQS6pbmTGdjk3aiWAUNsNlwBdatdWra171lytEd2wufDf/iN7RWkcK%0a%3c 6BK3RZeTsKK8KNdKiV7oXL9Kd/1NpYSHizVN1obqF3Knh1JM+Kes6YXTxod7L1Av%0a%3c ozkhle3d61jrUhUz4VEp053pNxi8ylDRd6jeDnIAQbAJlGJapD1P3Sfy0VL+Kprs%0a%3c ZoEucBa3ZaSh+JNNS0fxSnl/qKfWlwOSsiMNL8yj7sy6hcVEgWqhMkviGGYpNikY%0a%3c harUihdi26bReT1MXM9nFsYZa20+B1BUGk7Y/0TQ7zo1JtjhSXVIP4pB1zpuwg==%0a---%0a> ...%0a204c176%0a%3c issuer=/C=US/O=Let's Encrypt/CN=R11%0a---%0a> issuer=/C=US/O=Let's Encrypt/CN=R3%0a209c181%0a%3c SSL handshake has read 3645 bytes and written 386 bytes%0a---%0a> SSL handshake has read 3730 bytes and written 367 bytes%0a211c183%0a%3c New, TLSv1/SSLv3, Cipher is TLS_AES_256_GCM_SHA384%0a---%0a> New, TLSv1/SSLv3, Cipher is AEAD-AES256-GCM-SHA384%0a219c191%0a%3c Cipher : TLS_AES_256_GCM_SHA384%0a---%0a> Cipher : AEAD-AES256-GCM-SHA384%0a223c195%0a%3c Start Time: 1731552214%0a---%0a> Start Time: 1614233943%0a229,237c201,203%0a%3c At this point, you can make normal HTTP GET requests like with%0a%3c [[netcat/http|netcat]] or [[telnet/usage|telnet]].%0a%3c %0a%3c You can also visit the website using your web browser. Open your web browser to%0a%3c @@https://example.com@@. If you see an error such as 403 Forbidden, it may mean%0a%3c you have not [[openhttpd/website|set up a website]].%0a%3c %0a%3c Look for the SSL padlock in the address bar (which indicates your site is%0a%3c secure), then view more information about the certificate:%0a---%0a> You can also visit the website using your web browser. Open your web browser to @@https://example.com@@. If you see an error such as 403 Forbidden, it may mean you have not [[openhttpd/website|set up a website]].%0a> %0a> Look for the SSL padlock in the address bar (which indicates your site is secure), then view more information about the certificate:%0a
+host:1731552418=198.251.82.194
+author:1731552181=jrmu
+diff:1731552181:1731551952:=74,81d73%0a%3c %0a%3c Here, we deviate from the example%0a%3c [[https://man.openbsd.org/httpd.conf.5|httpd.conf(5)]] because we later plan to%0a%3c use [[relayd/acceleration|relayd]] to provide SSL acceleration, and%0a%3c [[relayd/acceleration|relayd]] hard codes the paths it searches for the public%0a%3c and private keypair. [[https://man.openbsd.org/relayd.8|relayd(8)]] will only%0a%3c search for public certificates that end in the @@.crt@@ suffix; it will ignore%0a%3c certificates that end with the suffix @@.fullchain.pem@@.%0a
+host:1731552181=198.251.82.194
+author:1731551952=jrmu
+csum:1731551952=Make explicit the change from fullchain.pem to .crt
+diff:1731551952:1731551561:=31c31%0a%3c # certificate "/etc/ssl/example.com.fullchain.pem"%0a---%0a> # certificate "/etc/ssl/example.com.crt"%0a52,54c52,53%0a%3c Below, we have uncommented the block (and made one significant change). We will%0a%3c provide a line-by-line description of the TLS block:%0a%3c %0a---%0a> Here is a line-by-line description of the TLS block:%0a> %0a71,73d69%0a%3c %0a%3c First note that in line 4 above, we changed the certificate from%0a%3c @@/etc/ssl/example.com.fullchain.pem@@ to @@/etc/ssl/example.com.crt@@%0a
+host:1731551952=198.251.82.194
+author:1731551561=jrmu
+csum:1731551561=Add note about plaintext http
+diff:1731551561:1731550864:=78,90d77%0a%3c %0a%3c '''Note''': You can (optionally) leave the 302 forwarding block commented out:%0a%3c %0a%3c [@%0a%3c # location * {%0a%3c # block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a%3c # }%0a%3c @]%0a%3c %0a%3c We recommend leaving this block commented out because some (old) web browsers%0a%3c do not support modern TLS, and so allowing plaintext access can improve%0a%3c accessibility. Plaintext access may be important in some restrictive countries%0a%3c that prohibit modern TLS.%0a
+host:1731551561=198.251.82.194
+author:1731550864=jrmu
+diff:1731550864:1731550387:=101c101,102%0a%3c a number representing a process ID, see the guides on [[kill/usage|killing processes]].%0a---%0a> a number representing a process ID, see the guides on [[kill/usage|killing%0a> processes]].%0a
+host:1731550864=198.251.82.194
+author:1731550387=jrmu
+diff:1731550387:1731462595:=3,8c3,8%0a%3c This guide shows you how to enable [[tls/intro|TLS]] for%0a%3c [[openhttpd/configure|OpenHTTPd]]. It assumes you have already set up%0a%3c [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have%0a%3c successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a%3c %0a%3c %0a---%0a> This guide shows you how to enable [[tls/intro|TLS]] for [[openhttpd/configure|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a> %0a> !! Docs and references%0a> %0a> Consult [[https://man.openbsd.org/httpd|httpd]], [[https://man.openbsd.org/httpd.conf|httpd.conf]], [[https://man.openbsd.org/acme-client|acme-client]], and [[https://man.openbsd.org/acme-client|acme-client.conf]] man pages. [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]] also contains many helpful examples.%0a> %0a11,15c11,12%0a%3c In the [[openhttpd/configure|plaintext OpenHTTPd]] guide, we used%0a%3c @@/etc/examples/httpd.conf@@ as a template for%0a%3c [[https://man.openbsd.org/httpd.conf.5|httpd.conf(5)]], with two sections%0a%3c commented out:%0a%3c %0a---%0a> In the previous guide, we used /etc/examples/httpd.conf as a template for /etc/httpd.conf:%0a> %0a23,25c20,37%0a%3c # location * {%0a%3c # block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a%3c # }%0a---%0a> location * {%0a> block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a> }%0a> }%0a> %0a> server "example.com" {%0a> listen on * tls port 443%0a> tls {%0a> certificate "/etc/ssl/example.com.crt"%0a> key "/etc/ssl/private/example.com.key"%0a> }%0a> location "/pub/*" {%0a> directory auto index%0a> }%0a> location "/.well-known/acme-challenge/*" {%0a> root "/acme"%0a> request strip 2%0a> }%0a27,41d38%0a%3c %0a%3c #server "example.com" {%0a%3c # listen on * tls port 443%0a%3c # tls {%0a%3c # certificate "/etc/ssl/example.com.crt"%0a%3c # key "/etc/ssl/private/example.com.key"%0a%3c # }%0a%3c # location "/pub/*" {%0a%3c # directory auto index%0a%3c # }%0a%3c # location "/.well-known/acme-challenge/*" {%0a%3c # root "/acme"%0a%3c # request strip 2%0a%3c # }%0a%3c #}%0a46,49c43,44%0a%3c We commented out these two sections because we did not yet request TLS certs.%0a%3c Now that we have certs from [[acme-client/configure|acme-client]], we will%0a%3c uncomment the second block.%0a%3c %0a---%0a> We commented out the second block in the [[openhttpd/configure|basic OpenHTTPd guide]] because we did not yet request TLS certs yet. Now that we have certs from [[acme-client/configure|acme-client]], we uncomment the second block.%0a> %0a71,81c66,71%0a%3c Lines 2-6 tells the web server to listen on all IPs on port 443. As a result,%0a%3c we need a TLS block to specify which certs to use.%0a%3c %0a%3c Lines 7-9 say that, for any request beginning with https://example.com/pub/,%0a%3c the web server should automatically show a directory listing. Normally this is%0a%3c not a good idea for security reasons, but for a public folder, it should be%0a%3c fine.%0a%3c %0a%3c In a normal production server, if OpenHTTPd is already running, reloading is%0a%3c best to avoid downtime:%0a%3c %0a---%0a> Lines 2-6 tells the web server to listen on all IPs on port 443. As a result, we need a tls block to specify which SSL certs to use. Again, it is necessary to replace @@example.com@@ with your actual hostname.%0a> %0a> Lines 7-9 say that, for any request beginning with https://example.com/pub/, the web server should automatically show a directory listing. Normally this is not a good idea for security reasons, but for a public folder, it should be fine.%0a> %0a> In a normal production server, if OpenHTTPd is already running, reloading is best to avoid downtime:%0a> %0a92,95c82,83%0a%3c Use [[ps/usage|ps]] or [[ps/usage|pgrep]] to ensure%0a%3c that all [[https://man.openbsd.org/httpd.8|httpd(8]]) processes have been%0a%3c stopped:%0a%3c %0a---%0a> Then, check that your configuration is valid:%0a> %0a97c85%0a%3c $ pgrep httpd%0a---%0a> $ doas httpd -n%0a100,105c88,89%0a%3c If all httpd processes have been stopped, you should see no output. If you see%0a%3c a number representing a process ID, see the guides on [[kill/usage|killing%0a%3c processes]].%0a%3c %0a%3c Then, check that your configuration is valid:%0a%3c %0a---%0a> Once you are certain it has been configured properly, you can start the server:%0a> %0a107c91%0a%3c $ doas httpd -n%0a---%0a> $ doas rcctl start httpd%0a110,115d93%0a%3c Once you are certain it has been configured properly, you can start the server:%0a%3c %0a%3c [@%0a%3c $ doas rcctl start httpd%0a%3c @]%0a%3c %0a216,221d193%0a%3c %0a%3c See Also:%0a%3c %0a%3c # [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]]%0a%3c contains many helpful examples.%0a%3c %0a
+host:1731550387=198.251.82.194
author:1731462595=jrmu
csum:1731462595=fix broken link
diff:1731462595:1731462541:minor=3c3%0a%3c This guide shows you how to enable [[tls/intro|TLS]] for [[openhttpd/configure|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a---%0a> This guide shows you how to enable [[tls/intro|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a
blob - /dev/null
blob + d52a1bb28f6dbdfda7726dc11e4082a9058ccf4a (mode 644)
--- /dev/null
+++ wiki.d/Openhttpd.Tls-Draft,del-1731462595
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1649022849
+host=198.251.82.194
+name=Openhttpd.Tls-Draft
+rev=14
+targets=Tls.Intro,Openhttpd.Configure,Acme-client.Configure,Rcctl.Usage,Openssl.Http,Openhttpd.Website,Crontab.Edit,Pf.Guide
+text=(:title TLS for OpenHTTPd:)%0a%0aThis guide shows you how to enable [[tls/intro|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a%0a!! Docs and references%0a%0aConsult [[https://man.openbsd.org/httpd|httpd]], [[https://man.openbsd.org/httpd.conf|httpd.conf]], [[https://man.openbsd.org/acme-client|acme-client]], and [[https://man.openbsd.org/acme-client|acme-client.conf]] man pages. [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]] also contains many helpful examples.%0a%0a!! Configuring%0a%0aIn the previous guide, we used /etc/examples/httpd.conf as a template for /etc/httpd.conf:%0a%0a[@%0aserver "example.com" {%0a listen on * port 80%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a location * {%0a block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a }%0a }%0a%0aserver "example.com" {%0a listen on * tls port 443%0a tls {%0a certificate "/etc/ssl/example.com.crt"%0a key "/etc/ssl/private/example.com.key"%0a }%0a location "/pub/*" {%0a directory auto index%0a }%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a}%0a@]%0a%0a'''NOTE''': You must replace example.com with your own domain%0a%0aWe commented out the second block in the [[openhttpd/configure|basic OpenHTTPd guide]] because we did not yet request TLS certs yet. Now that we have certs from [[acme-client/configure|acme-client]], we uncomment the second block.%0a%0a!! TLS Block Explained%0a%0aHere is a line-by-line description of the TLS block:%0a%0a[@%0aserver "example.com" {%0a listen on * tls port 443%0a tls {%0a certificate "/etc/ssl/example.com.crt"%0a key "/etc/ssl/private/example.com.key"%0a }%0a location "/pub/*" {%0a directory auto index%0a }%0a location "/.well-known/acme-challenge/*" {%0a root "/acme"%0a request strip 2%0a }%0a}%0a@]%0a%0aLines 2-6 tells the web server to listen on all IPs on port 443. As a result, we need a tls block to specify which SSL certs to use. Again, it is necessary to replace @@example.com@@ with your actual hostname.%0a%0aLines 7-9 say that, for any request beginning with https://example.com/pub/, the web server should automatically show a directory listing. Normally this is not a good idea for security reasons, but for a public folder, it should be fine.%0a%0aIn a normal production server, if OpenHTTPd is already running, reloading is best to avoid downtime:%0a%0a[@%0a$ doas rcctl reload httpd%0a@]%0a%0aFor your first test however, you will want to [[rcctl/usage|stop OpenHTTPd]]:%0a%0a[@%0a$ doas rcctl stop httpd%0a@]%0a%0aThen, check that your configuration is valid:%0a%0a[@%0a$ doas httpd -n%0a@]%0a%0aOnce you are certain it has been configured properly, you can start the server:%0a%0a[@%0a$ doas rcctl start httpd%0a@]%0a%0a!! Testing%0a%0aTo test if your web server has a working SSL cert, use [[openssl/http|openssl]]:%0a%0a[@%0a$ openssl s_client -connect example.com:443%0a@]%0a%0a'''NOTE''': You must replace @@example.com@@ with your actual hostname.%0a%0aYou should see the correct SSL subject and issuer:%0a%0a[@%0a$ openssl s_client -connect example.org:443%0aCONNECTED(00000003)%0adepth=2 O = Digital Signature Trust Co., CN = DST Root CA X3%0averify return:1%0adepth=1 C = US, O = Let's Encrypt, CN = R3%0averify return:1%0adepth=0 CN = example.com%0averify return:1%0adepth=0 CN = example.com%0averify return:1%0awrite W BLOCK%0a---%0aCertificate chain%0a 0 s:/CN=example.com%0a i:/C=US/O=Let's Encrypt/CN=R3%0a 1 s:/C=US/O=Let's Encrypt/CN=R3%0a i:/O=Digital Signature Trust Co./CN=DST Root CA X3%0a---%0aServer certificate%0a-----BEGIN CERTIFICATE-----%0a...%0a-----END CERTIFICATE-----%0asubject=/CN=example.com%0aissuer=/C=US/O=Let's Encrypt/CN=R3%0a---%0aNo client certificate CA names sent%0aServer Temp Key: ECDH, X25519, 253 bits%0a---%0aSSL handshake has read 3730 bytes and written 367 bytes%0a---%0aNew, TLSv1/SSLv3, Cipher is AEAD-AES256-GCM-SHA384%0aServer public key is 4096 bit%0aSecure Renegotiation IS NOT supported%0aCompression: NONE%0aExpansion: NONE%0aNo ALPN negotiated%0aSSL-Session:%0a Protocol : TLSv1.3%0a Cipher : AEAD-AES256-GCM-SHA384%0a Session-ID:%0a Session-ID-ctx:%0a Master-Key:%0a Start Time: 1614233943%0a Timeout : 7200 (sec)%0a Verify return code: 0 (ok)%0a---%0a@]%0a%0aYou can also visit the website using your web browser. Open your web browser to @@https://example.com@@. If you see an error such as 403 Forbidden, it may mean you have not [[openhttpd/website|set up a website]].%0a%0aLook for the SSL padlock in the address bar (which indicates your site is secure), then view more information about the certificate:%0a%0aAttach:ssl-cert.png%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your site.%0a%0aWe can automate the request process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 300 && rcctl reload httpd%0a@]%0a%0aThis cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 300 seconds, then reload openhttpd to use it.%0a%0a!!! Troubleshooting%0a%0aIf you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 443.%0a%0aYou can ensure pf allows incoming http connections by putting this line into /etc/pf.conf:%0a%0a[@%0apass in quick proto tcp to port {http https}%0a@]%0a%0aThen, reload the pf rulesets:%0a%0a[@%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a
+time=1731462541
+title=TLS for OpenHTTPd
+author:1731462541=jrmu
+diff:1731462541:1649046317:minor=3c3%0a%3c This guide shows you how to enable [[tls/intro|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a---%0a> This guide shows you how to enable [[tls/overview|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a
+host:1731462541=198.251.82.194
+author:1649046317=jrmu
+diff:1649046317:1649045629:=174c174%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 300 && rcctl reload httpd%0a---%0a> ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && rcctl reload httpd%0a177c177%0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 300 seconds, then reload openhttpd to use it.%0a---%0a> This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 60 seconds, then reload openhttpd to use it.%0a
+host:1649046317=38.87.162.154
+author:1649045629=jrmu
+diff:1649045629:1649045618:=177c177%0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 60 seconds, then reload openhttpd to use it.%0a---%0a> This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, sleep for 60 seconds, then reload openhttpd to use it.%0a
+host:1649045629=38.87.162.154
+author:1649045618=jrmu
+diff:1649045618:1649045583:=177c177%0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, sleep for 60 seconds, then reload openhttpd to use it.%0a---%0a> This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, then reload openhttpd to use it.%0a
+host:1649045618=38.87.162.154
+author:1649045583=jrmu
+diff:1649045583:1649045148:=174c174%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && rcctl reload httpd%0a---%0a> ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && rcctl reload httpd%0a
+host:1649045583=38.87.162.154
+author:1649045148=jrmu
+diff:1649045148:1649043968:=160,177d159%0a%3c %0a%3c !! Automation%0a%3c %0a%3c Let's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your site.%0a%3c %0a%3c We can automate the request process using [[crontab/edit|crontab]].%0a%3c %0a%3c [@%0a%3c $ doas crontab -e%0a%3c @]%0a%3c %0a%3c Add this line at the bottom:%0a%3c %0a%3c [@%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && rcctl reload httpd%0a%3c @]%0a%3c %0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, then reload openhttpd to use it.%0a
+host:1649045148=38.87.162.154
+author:1649043968=jrmu
+diff:1649043968:1649027060:=
+host:1649043968=38.87.162.154
+author:1649027060=jrmu
+diff:1649027060:1649027007:=160d159%0a%3c %0a163,164c162,163%0a%3c If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 443.%0a%3c %0a---%0a> If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 80.%0a> %0a175a175,176%0a> %0a> %0a
+host:1649027060=38.87.162.154
+author:1649027007=jrmu
+diff:1649027007:1649025532:=
+host:1649027007=38.87.162.154
+author:1649025532=jrmu
+diff:1649025532:1649023324:=24a25,46%0a> #server "example.com" {%0a> # listen on * tls port 443%0a> # tls {%0a> # certificate "/etc/ssl/example.com.crt"%0a> # key "/etc/ssl/private/example.com.key"%0a> # }%0a> # location "/pub/*" {%0a> # directory auto index%0a> # }%0a> # location "/.well-known/acme-challenge/*" {%0a> # root "/acme"%0a> # request strip 2%0a> # }%0a> #}%0a> @]%0a> %0a> '''NOTE''': You must replace example.com with your own domain%0a> %0a> We commented out the second block because we did not yet request TLS certs yet. Now%0a> %0a> %0a> [@%0a41,48c63,70%0a%3c '''NOTE''': You must replace example.com with your own domain%0a%3c %0a%3c We commented out the second block in the [[openhttpd/configure|basic OpenHTTPd guide]] because we did not yet request TLS certs yet. Now that we have certs from [[acme-client/configure|acme-client]], we uncomment the second block.%0a%3c %0a%3c !! TLS Block Explained%0a%3c %0a%3c Here is a line-by-line description of the TLS block:%0a%3c %0a---%0a> This block is similar to the previous one, with only two differences.%0a> %0a> Lines 2-6 tells the web server to listen on all IPs on port 443. As a result, we need a tls block to specify which SSL certs to use. Later, after you run [[acme-client/configure|acme-client]], you will need to change the certificate and key to match your real files.%0a> %0a> Lines 7-9 say that for any request that begins with https://example.com/pub/ should automatically show a directory listing. Normally this is not a good idea for security reasons, but for a public folder it should be fine.%0a> %0a> Make sure to replace every instance of @@example.com@@ with your real hostname, then check that your configuration is valid%0a> %0a50,63c72%0a%3c server "example.com" {%0a%3c listen on * tls port 443%0a%3c tls {%0a%3c certificate "/etc/ssl/example.com.crt"%0a%3c key "/etc/ssl/private/example.com.key"%0a%3c }%0a%3c location "/pub/*" {%0a%3c directory auto index%0a%3c }%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c root "/acme"%0a%3c request strip 2%0a%3c }%0a%3c }%0a---%0a> $ doas httpd -n%0a66,71c75,76%0a%3c Lines 2-6 tells the web server to listen on all IPs on port 443. As a result, we need a tls block to specify which SSL certs to use. Again, it is necessary to replace @@example.com@@ with your actual hostname.%0a%3c %0a%3c Lines 7-9 say that, for any request beginning with https://example.com/pub/, the web server should automatically show a directory listing. Normally this is not a good idea for security reasons, but for a public folder, it should be fine.%0a%3c %0a%3c In a normal production server, if OpenHTTPd is already running, reloading is best to avoid downtime:%0a%3c %0a---%0a> !! Starting the server%0a> %0a73c78,79%0a%3c $ doas rcctl reload httpd%0a---%0a> $ doas rcctl enable httpd%0a> $ doas rcctl start httpd%0a76,77c82,85%0a%3c For your first test however, you will want to [[rcctl/usage|stop OpenHTTPd]]:%0a%3c %0a---%0a> !! Testing, testing%0a> %0a> Let's test to see if the web server is working on port 80. This test should be run on some other computer besides your web server (your home PC or phone is fine). Let's use [[telnet/http|telnet]]:%0a> %0a79c87,89%0a%3c $ doas rcctl stop httpd%0a---%0a> $ telnet example.com 80%0a> GET /index.html HTTP/1.1%0a> Host: example.com%0a82,83c92,93%0a%3c Then, check that your configuration is valid:%0a%3c %0a---%0a> You should a response similar to the one below:%0a> %0a85c95,123%0a%3c $ doas httpd -n%0a---%0a> HTTP/1.0 302 Found%0a> Date: Tue, 23 Feb 2021 14:01:28 GMT%0a> OpenBSD httpd%0a> Connection: close%0a> Content-Type: text/html%0a> Content-Length: 486%0a> Location: https://example.com/index.html%0a> %0a> %3c!DOCTYPE html>%0a> %3chtml> %0a> %3chead>%0a> %3cmeta charset="utf-8"> %0a> %3ctitle>302 Found%3c/title>%0a> %3cstyle type="text/css">%3c!--%0a> body { background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }%0a> hr { border: 0; border-bottom: 1px dashed; }%0a> @media (prefers-color-scheme: dark) {%0a> body { background-color: #1E1F21; color: #EEEFF1; }%0a> a { color: #BAD7FF; }%0a> }%0a> -->%3c/style>%0a> %3c/head>%0a> %3cbody>%0a> %3ch1>302 Found%3c/h1>%0a> %3chr>%0a> %3caddress>OpenBSD httpd%3c/address>%0a> %3c/body>%0a> %3c/html>%0a> Connection closed by foreign host.%0a88,89c126,131%0a%3c Once you are certain it has been configured properly, you can start the server:%0a%3c %0a---%0a> !!! Troubleshooting%0a> %0a> If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 80.%0a> %0a> You can ensure pf allows incoming http connections by putting this line into /etc/pf.conf:%0a> %0a91c133%0a%3c $ doas rcctl start httpd%0a---%0a> pass in quick proto tcp to port {http https}%0a94,97c136,137%0a%3c !! Testing%0a%3c %0a%3c To test if your web server has a working SSL cert, use [[openssl/http|openssl]]:%0a%3c %0a---%0a> Then, reload the pf rulesets:%0a> %0a99c139%0a%3c $ openssl s_client -connect example.com:443%0a---%0a> $ doas pfctl -f /etc/pf.conf%0a102,105c142,149%0a%3c '''NOTE''': You must replace @@example.com@@ with your actual hostname.%0a%3c %0a%3c You should see the correct SSL subject and issuer:%0a%3c %0a---%0a> !! Adding TLS%0a> %0a> Next, you'll want to request an SSL cert using [[acme-client/configure|acme-client]]. %0a> %0a> Go do that now, I'll wait...%0a> %0a> Once you have a valid SSL cert, you'll want to open up /etc/httpd.conf and look for the tls block:%0a> %0a106a151,173%0a> tls {%0a> certificate "/etc/ssl/example.com.crt"%0a> key "/etc/ssl/private/example.com.key"%0a> }%0a> @]%0a> %0a> change [@ /etc/ssl/example.com.crt @] and [@ /etc/ssl/private/example.com.key @] so that the certificate and key match the real location of your SSL cert.%0a> %0a> Then, restart the web server:%0a> %0a> [@%0a> $ doas rcctl restart httpd%0a> @]%0a> %0a> To test if your web server has a working SSL cert, use [[openssl/http|openssl]]:%0a> %0a> [@%0a> $ openssl s_client -connect example.com:443%0a> @]%0a> %0a> You should see the correct SSL subject and issuer:%0a> %0a> [@%0a155,158c222,223%0a%3c You can also visit the website using your web browser. Open your web browser to @@https://example.com@@. If you see an error such as 403 Forbidden, it may mean you have not [[openhttpd/website|set up a website]].%0a%3c %0a%3c Look for the SSL padlock in the address bar (which indicates your site is secure), then view more information about the certificate:%0a%3c %0a---%0a> You can also visit the website using your web browser. Load your domain (e.g. [@ https://example.com @] ). While you are likely to see an error such as 403 Forbidden if you havent set up a website, look for the SSL padlock in the address bar (which indicates your site is secure), then view more information about the certificate:%0a> %0a160,176d224%0a%3c !!! Troubleshooting%0a%3c %0a%3c If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 80.%0a%3c %0a%3c You can ensure pf allows incoming http connections by putting this line into /etc/pf.conf:%0a%3c %0a%3c [@%0a%3c pass in quick proto tcp to port {http https}%0a%3c @]%0a%3c %0a%3c Then, reload the pf rulesets:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a%3c %0a%3c %0a
+host:1649025532=38.87.162.154
+author:1649023324=jrmu
+diff:1649023324:1649023176:=3,4c3,4%0a%3c This guide shows you how to enable [[tls/overview|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80, and you have successfully requested TLS certs using [[acme-client/configure|acme-client]].%0a%3c %0a---%0a> This guide shows you how to enable [[tls/overview|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80.%0a> %0a11,12c11,14%0a%3c In the previous guide, we used /etc/examples/httpd.conf as a template for /etc/httpd.conf:%0a%3c %0a---%0a> '''NOTE''': You must replace example.com with your own domain%0a> %0a> Copy the example file in [@ /etc/examples/httpd.conf @]:%0a> %0a13a16,21%0a> $ doas cp /etc/examples/httpd.conf /etc/httpd.conf%0a> @]%0a> %0a> Edit [@ /etc/httpd.conf @]:%0a> %0a> [@%0a24,38d31%0a%3c %0a%3c #server "example.com" {%0a%3c # listen on * tls port 443%0a%3c # tls {%0a%3c # certificate "/etc/ssl/example.com.crt"%0a%3c # key "/etc/ssl/private/example.com.key"%0a%3c # }%0a%3c # location "/pub/*" {%0a%3c # directory auto index%0a%3c # }%0a%3c # location "/.well-known/acme-challenge/*" {%0a%3c # root "/acme"%0a%3c # request strip 2%0a%3c # }%0a%3c #}%0a41,45c34,63%0a%3c '''NOTE''': You must replace example.com with your own domain%0a%3c %0a%3c We commented out the second block because we did not yet request TLS certs yet. Now%0a%3c %0a%3c %0a---%0a> Replace @@example.com@@ to your actual hostname. On other web servers, this might be known as the '''virtual host'''. %0a> %0a> @@listen on@@ tells the web server to listen on all IPs on port 80.%0a> %0a> The first @@location@@ block in lines 3-6 responds to verification requests according to the [[acme-client/configure|ACME]] protocol. For any request that begins with @@http://example.com/.well-known/acme-challenge/@@, httpd will look for the documents in the new root @@/acme@@. Since openhttpd chroots to /var/www by default, the document root is actually @@/var/www/acme/@@. The directive @@request strip 2@@ tells openhttpd to search in @@/var/www/acme/@@ and not @@/var/www/acme/.well-known/acme-challenge/@@.%0a> %0a> The second @@location@@ block in lines 7-9 tell the web server to respond with HTTP 302 for all other requests. An HTTP 302 response forwards the web browser to a new URL address. Any user that connects to your web server using port 80, except for [[acme-client/configure|ACME]] verification, will be forwarded to use TLS on port 443 instead.%0a> %0a> This second @@location@@ block is suggested by the OpenBSD team, but for accessibility reasons, we recommend removing the second location block.%0a> %0a> '''Note''': You must have a server block listening on port 80. Do not delete this block or else [[acme-client/configure|acme-client]] will not work. The web server needs the listener block on port 80 for ACME protocol verification.%0a> %0a> The second block below should be commented out until after you have requested TLS certs.%0a> %0a> [@%0a> #server "example.com" {%0a> # listen on * tls port 443%0a> # tls {%0a> # certificate "/etc/ssl/example.com.crt"%0a> # key "/etc/ssl/private/example.com.key"%0a> # }%0a> # location "/pub/*" {%0a> # directory auto index%0a> # }%0a> # location "/.well-known/acme-challenge/*" {%0a> # root "/acme"%0a> # request strip 2%0a> # }%0a> #}%0a> @]%0a
+host:1649023324=38.87.162.154
+author:1649023176=jrmu
+diff:1649023176:1649023033:=1,2c1,2%0a%3c (:title TLS for OpenHTTPd:)%0a%3c %0a---%0a> (:title Basic OpenHTTPd Configuration:)%0a> %0a4a5,13%0a> !! Overview%0a> %0a> Pros:%0a> # Lean: Small, no plugins%0a> # Clean code%0a> # Secure: Strict validity checking, privilege separation, strong cryptography%0a> # Fast%0a> # Easy to configure with good manpage documentation%0a> %0a7c16%0a%3c Consult [[https://man.openbsd.org/httpd|httpd]], [[https://man.openbsd.org/httpd.conf|httpd.conf]], [[https://man.openbsd.org/acme-client|acme-client]], and [[https://man.openbsd.org/acme-client|acme-client.conf]] man pages. [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]] also contains many helpful examples.%0a---%0a> You'll want to consult the [[https://man.openbsd.org/httpd|httpd]] and [[https://man.openbsd.org/httpd.conf|httpd.conf]] man pages. [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]] also contains many helpful examples.%0a
+host:1649023176=38.87.162.154
+author:1649023033=jrmu
+diff:1649023033:1649022849:=3c3%0a%3c This guide shows you how to enable [[tls/overview|TLS]] for [[https://bsd.plumbing/about.html|OpenHTTPd]]. It assumes you have already set up [[openhttpd/configure|plaintext OpenHTTPd]] listening on port 80.%0a---%0a> [[https://bsd.plumbing/about.html|OpenHTTPd]] is a light-weight web server developed by the OpenBSD dev team.%0a
+host:1649023033=38.87.162.154
+author:1649022849=jrmu
+diff:1649022849:1649022849:=1,253d0%0a%3c (:title Basic OpenHTTPd Configuration:)%0a%3c %0a%3c [[https://bsd.plumbing/about.html|OpenHTTPd]] is a light-weight web server developed by the OpenBSD dev team.%0a%3c %0a%3c !! Overview%0a%3c %0a%3c Pros:%0a%3c # Lean: Small, no plugins%0a%3c # Clean code%0a%3c # Secure: Strict validity checking, privilege separation, strong cryptography%0a%3c # Fast%0a%3c # Easy to configure with good manpage documentation%0a%3c %0a%3c !! Docs and references%0a%3c %0a%3c You'll want to consult the [[https://man.openbsd.org/httpd|httpd]] and [[https://man.openbsd.org/httpd.conf|httpd.conf]] man pages. [[https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/|Httpd and Relayd Mastery]] also contains many helpful examples.%0a%3c %0a%3c !! Configuring%0a%3c %0a%3c '''NOTE''': You must replace example.com with your own domain%0a%3c %0a%3c Copy the example file in [@ /etc/examples/httpd.conf @]:%0a%3c %0a%3c [@%0a%3c $ doas cp /etc/examples/httpd.conf /etc/httpd.conf%0a%3c @]%0a%3c %0a%3c Edit [@ /etc/httpd.conf @]:%0a%3c %0a%3c [@%0a%3c server "example.com" {%0a%3c listen on * port 80%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c root "/acme"%0a%3c request strip 2%0a%3c }%0a%3c location * {%0a%3c block return 302 "https://$HTTP_HOST$REQUEST_URI"%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c Replace @@example.com@@ to your actual hostname. On other web servers, this might be known as the '''virtual host'''. %0a%3c %0a%3c @@listen on@@ tells the web server to listen on all IPs on port 80.%0a%3c %0a%3c The first @@location@@ block in lines 3-6 responds to verification requests according to the [[acme-client/configure|ACME]] protocol. For any request that begins with @@http://example.com/.well-known/acme-challenge/@@, httpd will look for the documents in the new root @@/acme@@. Since openhttpd chroots to /var/www by default, the document root is actually @@/var/www/acme/@@. The directive @@request strip 2@@ tells openhttpd to search in @@/var/www/acme/@@ and not @@/var/www/acme/.well-known/acme-challenge/@@.%0a%3c %0a%3c The second @@location@@ block in lines 7-9 tell the web server to respond with HTTP 302 for all other requests. An HTTP 302 response forwards the web browser to a new URL address. Any user that connects to your web server using port 80, except for [[acme-client/configure|ACME]] verification, will be forwarded to use TLS on port 443 instead.%0a%3c %0a%3c This second @@location@@ block is suggested by the OpenBSD team, but for accessibility reasons, we recommend removing the second location block.%0a%3c %0a%3c '''Note''': You must have a server block listening on port 80. Do not delete this block or else [[acme-client/configure|acme-client]] will not work. The web server needs the listener block on port 80 for ACME protocol verification.%0a%3c %0a%3c The second block below should be commented out until after you have requested TLS certs.%0a%3c %0a%3c [@%0a%3c #server "example.com" {%0a%3c # listen on * tls port 443%0a%3c # tls {%0a%3c # certificate "/etc/ssl/example.com.crt"%0a%3c # key "/etc/ssl/private/example.com.key"%0a%3c # }%0a%3c # location "/pub/*" {%0a%3c # directory auto index%0a%3c # }%0a%3c # location "/.well-known/acme-challenge/*" {%0a%3c # root "/acme"%0a%3c # request strip 2%0a%3c # }%0a%3c #}%0a%3c @]%0a%3c %0a%3c %0a%3c [@%0a%3c server "example.com" {%0a%3c listen on * tls port 443%0a%3c tls {%0a%3c certificate "/etc/ssl/example.com.crt"%0a%3c key "/etc/ssl/private/example.com.key"%0a%3c }%0a%3c location "/pub/*" {%0a%3c directory auto index%0a%3c }%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c root "/acme"%0a%3c request strip 2%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c This block is similar to the previous one, with only two differences.%0a%3c %0a%3c Lines 2-6 tells the web server to listen on all IPs on port 443. As a result, we need a tls block to specify which SSL certs to use. Later, after you run [[acme-client/configure|acme-client]], you will need to change the certificate and key to match your real files.%0a%3c %0a%3c Lines 7-9 say that for any request that begins with https://example.com/pub/ should automatically show a directory listing. Normally this is not a good idea for security reasons, but for a public folder it should be fine.%0a%3c %0a%3c Make sure to replace every instance of @@example.com@@ with your real hostname, then check that your configuration is valid%0a%3c %0a%3c [@%0a%3c $ doas httpd -n%0a%3c @]%0a%3c %0a%3c !! Starting the server%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable httpd%0a%3c $ doas rcctl start httpd%0a%3c @]%0a%3c %0a%3c !! Testing, testing%0a%3c %0a%3c Let's test to see if the web server is working on port 80. This test should be run on some other computer besides your web server (your home PC or phone is fine). Let's use [[telnet/http|telnet]]:%0a%3c %0a%3c [@%0a%3c $ telnet example.com 80%0a%3c GET /index.html HTTP/1.1%0a%3c Host: example.com%0a%3c @]%0a%3c %0a%3c You should a response similar to the one below:%0a%3c %0a%3c [@%0a%3c HTTP/1.0 302 Found%0a%3c Date: Tue, 23 Feb 2021 14:01:28 GMT%0a%3c OpenBSD httpd%0a%3c Connection: close%0a%3c Content-Type: text/html%0a%3c Content-Length: 486%0a%3c Location: https://example.com/index.html%0a%3c %0a%3c %3c!DOCTYPE html>%0a%3c %3chtml> %0a%3c %3chead>%0a%3c %3cmeta charset="utf-8"> %0a%3c %3ctitle>302 Found%3c/title>%0a%3c %3cstyle type="text/css">%3c!--%0a%3c body { background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }%0a%3c hr { border: 0; border-bottom: 1px dashed; }%0a%3c @media (prefers-color-scheme: dark) {%0a%3c body { background-color: #1E1F21; color: #EEEFF1; }%0a%3c a { color: #BAD7FF; }%0a%3c }%0a%3c -->%3c/style>%0a%3c %3c/head>%0a%3c %3cbody>%0a%3c %3ch1>302 Found%3c/h1>%0a%3c %3chr>%0a%3c %3caddress>OpenBSD httpd%3c/address>%0a%3c %3c/body>%0a%3c %3c/html>%0a%3c Connection closed by foreign host.%0a%3c @]%0a%3c %0a%3c !!! Troubleshooting%0a%3c %0a%3c If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking port 80.%0a%3c %0a%3c You can ensure pf allows incoming http connections by putting this line into /etc/pf.conf:%0a%3c %0a%3c [@%0a%3c pass in quick proto tcp to port {http https}%0a%3c @]%0a%3c %0a%3c Then, reload the pf rulesets:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a%3c %0a%3c !! Adding TLS%0a%3c %0a%3c Next, you'll want to request an SSL cert using [[acme-client/configure|acme-client]]. %0a%3c %0a%3c Go do that now, I'll wait...%0a%3c %0a%3c Once you have a valid SSL cert, you'll want to open up /etc/httpd.conf and look for the tls block:%0a%3c %0a%3c [@%0a%3c tls {%0a%3c certificate "/etc/ssl/example.com.crt"%0a%3c key "/etc/ssl/private/example.com.key"%0a%3c }%0a%3c @]%0a%3c %0a%3c change [@ /etc/ssl/example.com.crt @] and [@ /etc/ssl/private/example.com.key @] so that the certificate and key match the real location of your SSL cert.%0a%3c %0a%3c Then, restart the web server:%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart httpd%0a%3c @]%0a%3c %0a%3c To test if your web server has a working SSL cert, use [[openssl/http|openssl]]:%0a%3c %0a%3c [@%0a%3c $ openssl s_client -connect example.com:443%0a%3c @]%0a%3c %0a%3c You should see the correct SSL subject and issuer:%0a%3c %0a%3c [@%0a%3c $ openssl s_client -connect example.org:443%0a%3c CONNECTED(00000003)%0a%3c depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3%0a%3c verify return:1%0a%3c depth=1 C = US, O = Let's Encrypt, CN = R3%0a%3c verify return:1%0a%3c depth=0 CN = example.com%0a%3c verify return:1%0a%3c depth=0 CN = example.com%0a%3c verify return:1%0a%3c write W BLOCK%0a%3c ---%0a%3c Certificate chain%0a%3c 0 s:/CN=example.com%0a%3c i:/C=US/O=Let's Encrypt/CN=R3%0a%3c 1 s:/C=US/O=Let's Encrypt/CN=R3%0a%3c i:/O=Digital Signature Trust Co./CN=DST Root CA X3%0a%3c ---%0a%3c Server certificate%0a%3c -----BEGIN CERTIFICATE-----%0a%3c ...%0a%3c -----END CERTIFICATE-----%0a%3c subject=/CN=example.com%0a%3c issuer=/C=US/O=Let's Encrypt/CN=R3%0a%3c ---%0a%3c No client certificate CA names sent%0a%3c Server Temp Key: ECDH, X25519, 253 bits%0a%3c ---%0a%3c SSL handshake has read 3730 bytes and written 367 bytes%0a%3c ---%0a%3c New, TLSv1/SSLv3, Cipher is AEAD-AES256-GCM-SHA384%0a%3c Server public key is 4096 bit%0a%3c Secure Renegotiation IS NOT supported%0a%3c Compression: NONE%0a%3c Expansion: NONE%0a%3c No ALPN negotiated%0a%3c SSL-Session:%0a%3c Protocol : TLSv1.3%0a%3c Cipher : AEAD-AES256-GCM-SHA384%0a%3c Session-ID:%0a%3c Session-ID-ctx:%0a%3c Master-Key:%0a%3c Start Time: 1614233943%0a%3c Timeout : 7200 (sec)%0a%3c Verify return code: 0 (ok)%0a%3c ---%0a%3c @]%0a%3c %0a%3c You can also visit the website using your web browser. Load your domain (e.g. [@ https://example.com @] ). While you are likely to see an error such as 403 Forbidden if you havent set up a website, look for the SSL padlock in the address bar (which indicates your site is secure), then view more information about the certificate:%0a%3c %0a%3c Attach:ssl-cert.png%0a
+host:1649022849=38.87.162.154
blob - 02f897335de7182badadacf8c5a6902f43f79d0d
blob + fefd8c407e653b1850021e4568aa91b4a339b8a6
--- wiki.d/Ps.RecentChanges
+++ wiki.d/Ps.RecentChanges
-version=pmwiki-2.2.130 ordered=1 urlencoded=1
-agent=w3m/0.5.3+git20210102
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
charset=UTF-8
ctime=1627443740
-host=38.87.162.8
+host=198.251.82.194
name=Ps.RecentChanges
-rev=1
-text=* [[Ps/Usage]] . . . July 28, 2021, at 03:42 AM by [[~jrmu]]: [==]%0a
-time=1627443740
+rev=4
+text=* [[Ps/Usage]] . . . @2024-11-14T02:20:50Z by [[~jrmu]]: [==]%0a
+time=1731550850
blob - ed682d5a0ef90b76e5cabacd59f0cb6bb031192a
blob + 99774937d51a07ca250f55960539772ec75d1ebc
--- wiki.d/Ps.Usage
+++ wiki.d/Ps.Usage
-version=pmwiki-2.2.130 ordered=1 urlencoded=1
-agent=w3m/0.5.3+git20210102
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
author=jrmu
charset=UTF-8
csum=
ctime=1627443740
-host=38.87.162.8
+host=198.251.82.194
name=Ps.Usage
-rev=1
-targets=
-text=
-time=1627443740
+rev=4
+targets=Rcctl.Usage,Kill.Usage
+text=(:title ps Usage:)%0a%0a[[https://man.openbsd.org/ps.1|ps(1)]] can be used to check on active processes%0aon the system.%0a%0aThe command below lists all processes and useful information:%0a%0a[@%0a$ ps -aux%0a@]%0a%0aThis can be useful to see if a daemon or process is running. For example, if%0ayou used [[rcctl/usage|rcctl]] to stop the web server, double check to ensure%0ait has actually stopped with [[https://man.openbsd.org/ps.1|ps(1)]] and%0a[[https://man.openbsd.org/grep.1|grep(1)]], or%0a[[https://man.openbsd.org/pgrep.1|pgrep(1)]]:%0a%0a$ pgrep httpd%0a%0aIf all httpd processes have been stopped, you should see no output. If you see%0aa number representing a process ID, see the guides on [[kill/usage|killing processes]].%0a
+time=1731550850
+title=ps Usage
+author:1731550850=jrmu
+diff:1731550850:1731550840:=21c21,22%0a%3c a number representing a process ID, see the guides on [[kill/usage|killing processes]].%0a---%0a> a number representing a process ID, see the guides on [[kill/usage|killing%0a> processes]].%0a
+host:1731550850=198.251.82.194
+author:1731550840=jrmu
+diff:1731550840:1731550448:=1,17c1,2%0a%3c (:title ps Usage:)%0a%3c %0a%3c [[https://man.openbsd.org/ps.1|ps(1)]] can be used to check on active processes%0a%3c on the system.%0a%3c %0a%3c The command below lists all processes and useful information:%0a%3c %0a%3c [@%0a%3c $ ps -aux%0a%3c @]%0a%3c %0a%3c This can be useful to see if a daemon or process is running. For example, if%0a%3c you used [[rcctl/usage|rcctl]] to stop the web server, double check to ensure%0a%3c it has actually stopped with [[https://man.openbsd.org/ps.1|ps(1)]] and%0a%3c [[https://man.openbsd.org/grep.1|grep(1)]], or%0a%3c [[https://man.openbsd.org/pgrep.1|pgrep(1)]]:%0a%3c %0a---%0a> Use ps or pgrep to ensure that all httpd(8) processes have been stopped:%0a> %0a20,22c5,12%0a%3c If all httpd processes have been stopped, you should see no output. If you see%0a%3c a number representing a process ID, see the guides on [[kill/usage|killing%0a%3c processes]].%0a---%0a> If all httpd processes have been stopped, you should see no output. If you see a number representing a%0a> process ID, see the guides on [[kill/usage|killing processes]].%0a> %0a> Then, check that your configuration is valid:%0a> %0a> $ doas httpd -n%0a> %0a> %0a
+host:1731550840=198.251.82.194
+author:1731550448=jrmu
+csum:1731550448=stub for ps usage
+diff:1731550448:1627443740:=1,12d0%0a%3c Use ps or pgrep to ensure that all httpd(8) processes have been stopped:%0a%3c %0a%3c $ pgrep httpd%0a%3c %0a%3c If all httpd processes have been stopped, you should see no output. If you see a number representing a%0a%3c process ID, see the guides on [[kill/usage|killing processes]].%0a%3c %0a%3c Then, check that your configuration is valid:%0a%3c %0a%3c $ doas httpd -n%0a%3c %0a%3c %0a
+host:1731550448=198.251.82.194
author:1627443740=jrmu
diff:1627443740:1627443740:=
host:1627443740=38.87.162.8
blob - /dev/null
blob + e6fcd60f921913e12c0b903c9092bc7a0f9ad52b (mode 644)
--- /dev/null
+++ wiki.d/Roundcube.Install
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
+author=SplinTer
+charset=UTF-8
+csum=
+ctime=1731468729
+host=138.43.182.133
+name=Roundcube.Install
+rev=2
+targets=
+text=Install Roundcube on OpenBSD%0aBelow is the link i found for setting this up! have any questions please email support@nastycode.com%0ahttps://www.bsdhowto.ch/roundcube.html%0a%0aRoundcubeMail is webmail written in PHP. It uses HTML 4.0 with no JavaScript required, making it compatible across many browsers. It does not require any databases and is very easy to install and configure. It is GPL-licensed.%0a%0aInstallation of packages%0aWith the following command you get all the packages installed which are required for Roundcube:%0a[@%0a$ doas pkg_add -i roundcubemail mariadb-server php-pdo_mysql php-intl php-curl php-gd%0a@]%0a%0aThe last package will present you probably with list of available versions to choose from. Make sure you choose the same version of PHP as the one that got installed by the roundcubemail package. At the time of writing this is 8.2 on OpenBSD 7.5.%0a%0aConfiguration of PHP%0aYou must make sure that the required PHP extensions are enabled. The easiest way to this is the following:%0a%0a[@%0a$ cd /etc/php-8.2.sample/%0a$ for i in * ; do%0a> doas ln -sf ../php-8.2.sample/$i ../php-8.2/%0a> done%0a@]%0a%0aAnd you need to prepare the chroot(2) for the usage of TLS with PHP:%0a%0a[@%0a$ doas mkdir -p /var/www/etc/ssl%0a$ doas install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf \%0a /var/www/etc/ssl/%0a@]%0a%0aMake sure you add the above install(1) command to /etc/rc.local in order to update the files whenever the originals change.%0a%0aRoundcube itself requires some settings in /etc/php-fpm.conf in order to work properly:%0a%0a[@%0a; Settings for Roundcube%0aphp_flag[display_errors] = off%0aphp_admin_flag[log_errors] = on%0aphp_admin_value[upload_max_filesize] = 5M%0aphp_admin_value[post_max_size] = 6M%0aphp_admin_value[memory_limit] = 64M%0aphp_flag[zlib.output_compression] = off%0aphp_flag[suhosin.session.encrypt] = off%0aphp_flag[session.auto_start] = off%0aphp_admin_value[session.gc_maxlifetime] = 21600%0aphp_admin_value[gc_divisor] = 500%0aphp_admin_value[session.gc_probability] = 1%0a@]%0a%0aConfiguration of MariaDB%0aI recommend that you create a dedicated login group for mysqld - although the package read-me tells you that you only need it on busy servers. Append the following to /etc/login.conf:%0a%0a[@%0amysqld:\%0a :openfiles-cur=1024:\%0a :openfiles-max=2048:\%0a :tc=daemon:%0a@]%0a%0aCreate the initial database for MariaDB:%0a%0a[@%0a$ doas mysql_install_db%0a@]%0a%0aNow you can start mysqld and secure the installation:%0a%0a[@%0a$ doas rcctl enable mysqld%0a$ doas rcctl start mysqld%0a$ doas mysql_secure_installation%0a@]%0a%0aWith httpd(8) chrooted to /var/www you must make sure that the connection to the socket of the MariaDB server is available within the chroot. First create a folder in which the socket will be placed:%0a%0a[@%0a$ doas install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql%0a@]%0a%0aSecond you must change the socket path in /etc/my.cnf:%0a%0a[@%0a[client-server]%0asocket = /var/www/var/run/mysql/mysql.sock%0a@]%0a%0aI recommend commenting out the existing entries and place the new ones below the existing ones. You must restart mysqld in order to activate the new socket:%0a%0a[@%0a$ doas rcctl restart mysqld%0a@]%0a%0aNow you are ready to create the actual database for Roundcube:%0a%0a[@%0a$ doas -s%0a$ mysql%0a> CREATE DATABASE roundcube /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;%0a> GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost%0a -> IDENTIFIED BY 'password';%0a> QUIT%0a# mysql roundcube %3c /var/www/roundcubemail/SQL/mysql.initial.sql%0a# ^D%0a@]%0a%0aConfiguration of httpd(8)%0aFor security reasons you should offer access to Roundcube only over HTTPS. I presume that you have a proper certificate and its private key stored already on the server. The configuration of httpd(8) is done in httpd.conf(5):%0a%0a[@%0aserver "rcube.example.org" {%0a listen on egress tls port https%0a log style combined%0a tls certificate "/etc/ssl/rcube.example.org"%0a tls key "/etc/ssl/private/rcube.example.org"%0a%0a root "/roundcubemail"%0a directory index index.php%0a%0a location "*.php" {%0a fastcgi socket "/run/php-fpm.sock"%0a }%0a}%0a%0atypes {%0a include "/usr/share/misc/mime.types"%0a}%0a@]%0a%0aYou may want to change the log style from combined to forwarded if you run httpd(8) behind a proxy that sets the headers X-Forwarded-For and X-Forwarded-Port (see below).%0a%0aIn order to make name resolving work within the chroot(2) you should copy your hosts(5) file and your resolv.conf(5) file into it:%0a%0a[@%0a$ cd /var/www%0a$ for f in hosts resolv.conf ; do doas cp /etc/$f etc/ ; done%0a@]%0a%0aRecommended: Configuration of relayd(8)%0aConsider running relayd(8) in front of httpd(8). It gives you the ability to add some headers for security. And it allows you to efficiently block access to certain URLs that you don’t want to be accessible by the public.%0a%0aAdd something like this to relayd.conf(5):%0a%0a[@%0alog connection%0a%0aipv4=192.0.2.66%0aipv6=2001:db8::c000:0242%0a%0atable %3crcube4> { 127.0.0.1 }%0atable %3crcube6> { ::1 }%0a%0ahttp protocol "www" {%0a tls keypair rcube.example.org%0a%0a match request header set "X-Forwarded-For" value "$REMOTE_ADDR"%0a match request header set "X-Forwarded-Port" value "$REMOTE_PORT"%0a%0a match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubdomains"%0a match response header set "X-Content-Type-Options" value "nosniff"%0a match response header set "X-Frame-Options" value "SAMEORIGIN"%0a match response header set "X-Robots-Tag" value "noindex,nofollow"%0a match response header set "X-XSS-Protection" value "1; mode=block"%0a%0a pass%0a block request url file "/etc/roundcube.blocklist"%0a}%0a%0arelay "rcube4" {%0a listen on ipv4 port https tls%0a protocol "rcube"%0a forward to %3crcube4> port http%0a}%0a%0arelay "rcube6" {%0a listen on ipv6 port https tls%0a protocol "rcube"%0a forward to %3crcube6> port http%0a}%0a@]%0a%0aThe configuration above assumes that relayd(8) and httpd(8) run on the same system. In this case there is no need to encrypt the traffic between the two daemons. Remove all the tls statements from httpd.conf(5) and change the log style to forwarded:%0a%0a[@%0aserver "webmail.example.org" {%0a listen on lo0 port http%0a log style forwarded%0a@]%0a%0aThe file /etc/roundcube.blacklist should contain the URLs you don’t want to be accessible by the public:%0a%0a[@%0arcube.example.org/CHANGELOG.md%0arcube.example.org/INSTALL%0arcube.example.org/LICENSE%0arcube.example.org/README.md%0arcube.example.org/SECURITY.md%0arcube.example.org/SQL/%0arcube.example.org/UPGRADING%0arcube.example.org/bin/%0arcube.example.org/composer.json%0arcube.example.org/composer.json-dist%0arcube.example.org/composer.lock%0arcube.example.org/config/%0arcube.example.org/db/%0arcube.example.org/installer/%0arcube.example.org/logs/%0arcube.example.org/roundcubemail.conf-dist%0arcube.example.org/temp/%0a@]%0a%0aAny client trying to access any of these will cause relayd(8) to immediately drop the connection without any answer. Alternatively you could add a line return error to the protocol "rcube" block. That will deliver an error message to the client. In both cases relayd(8) will log the message 403 Forbidden together with the IP of the offending client to syslog(3). You can easily use these log entries to block offending IPs.%0a%0aConfiguration of Roundcube%0aThe basic configuration of Roundcube is done in its config file /var/www/roundcubemail/config/config.inc.php. You should at least set proper values for the following variables:%0a%0a[@%0a$config['db_dsnw'] = 'mysql://roundcube:password@localhost/roundcube';%0a$config['default_host'] = 'imap.example.org';%0a$config['smtp_server'] = 'smtp.example.org';%0a$config['des_key'] = 'Exactly24BytesRandomStr!'%0a@]%0a%0aTo generate a quality random string of 24 bytes for the parameter des_key use the following commands:%0a%0a[@%0a$ cat /dev/urandom | tr -dc [:print:] | fold -w 24 | head -n 1%0a@]%0a%0aRoundcube likes to know about the MIME types to file extensions mapping of your webserver. Due to the chroot(2) of httpd(8) you need to copy the file /usr/share/misc/mime.types into the chroot:%0a%0a[@%0a$ doas mkdir -p /var/www/usr/share/misc%0a$ doas cp /usr/share/misc/mime.types /var/www/usr/share/misc/%0a@]%0a%0aAfter that you need to add the following option to the config.inc.php file of Roundcube:%0a%0a$config['mime_types'] = '/usr/share/misc/mime.types';%0aIf you want to make sure that you always get the latest version of the file in the chroot after a sysupgrade(8) add the following lines to rc.local(8):%0a%0a[@%0amkdir -p /var/www/usr/share/misc%0ainstall -m 444 -o root -g bin /usr/share/misc/mime.types /var/www/usr/share/misc/mime.types%0a@]%0a%0aOptional: ImageMagick%0aWhile not really necessary for Roundcube to function properly, the installer will complain if ImageMagick is missing. Some users might even complain about something not working, but frankly I’m not sure what that would be. Anyway, if want to you can easily complete the requirements by running the following commands:%0a%0a[@%0a$ doas pkg_add -i pecl82-imagick%0a$ cd /etc/php-8.2%0a$ doas ln -s ../php-8.2.sample/imagick.ini imagick.ini%0a@]%0a%0aOptional: Redis%0aRoundcube supports Redis as session storage since version 1.2 and as cache since version 1.4. Using Redis for both might give you a performance boost - or not, that depends on your setup. In case you want to try it here are the instructions:%0a%0aFirst install the required components:%0a%0a[@%0a$ doas pkg_add -i pecl82-redis redis%0a@]%0a%0aMake sure the PHP module for Redis is enabled and php-fpm knows about it. Then you can start redis:%0a%0a[@%0a$ cd /etc/php-8.2%0a$ doas ln -s ../php-8.2.sample/redis.ini redis.ini%0a$ doas rcctl enable redis%0a$ doas rcctl start redis%0a@]%0a%0aAdding the following settings to /var/www/roundcube/config/config.inc.php to make Roundcube use Redis for both session storage and caching:%0a%0a[@%0a$config['redis_hosts'] = array('localhost:6379');%0a$config['session_storage'] = 'redis';%0a@]%0a%0aOptional: Logging%0aThe default settings of Roundcube will write dedicated log file in the directory /var/www/roundcube/logs. If you are happy with this solution I suggest you let newsyslog(8) rotate the files in order to prevent your /var from filling up.%0a%0aRoundcube is also capable of using syslog(3). You can even configure Roundcube to send its log entries to a specific syslog facility. And you can enable/disable logging for certain parts of Roundcube. For Roundcube on a mail server I usually use the following settings in /var/www/roundcubemail/config/config.inc.php:%0a%0a[@%0a$config['log_driver'] = 'syslog';%0a$config['syslog_id'] = 'roundcube';%0a$config['syslog_facility'] = LOG_MAIL;%0a$config['log_logins'] = true;%0a@]%0a%0aOptional: Plugins%0aRoundcube comes with a bunch of plugins, and some more are available as packages under OpenBSD. You can enable a plugin by adding its name to the array $config['plugins'] in config.inc.php.%0a%0aIf you want to add plugins to Roundcube that are not part of the base package, first check if there is an OpenBSD package for it:%0a%0a[@%0a$ pkg_info -Q rcube%0a@]%0a%0aShould the package you want be missing in the list you can still obtain it by installing and using composer:%0a%0a[@%0a$ doas pkg_add composer%0a$ cd /var/www/roundcube%0a$ doas ...%0a@]%0a%0aOnce you found a plugin on Packagist, click on it and replace the ... in the last command with the string found beneath the plugin name on the website. Something similar to composer require author/plugin%0a%0aStart services and finish setup%0aThe time has come to actually start the required services:%0a%0a[@%0a$ doas rcctl enable httpd php82_fpm%0a$ doas rcctl start httpd php82_fpm%0a@]%0a%0aHave Any Questions about this please email support@nastycode.com%0aCreated By SplinTer@NaStYcOdE.COM %0a
+time=1731468864
+author:1731468864=SplinTer
+diff:1731468864:1731468729:=2,3d1%0a%3c Below is the link i found for setting this up! have any questions please email support@nastycode.com%0a%3c https://www.bsdhowto.ch/roundcube.html%0a
+host:1731468864=138.43.182.133
+author:1731468729=SplinTer
+diff:1731468729:1731468729:=1,320d0%0a%3c Install Roundcube on OpenBSD%0a%3c %0a%3c RoundcubeMail is webmail written in PHP. It uses HTML 4.0 with no JavaScript required, making it compatible across many browsers. It does not require any databases and is very easy to install and configure. It is GPL-licensed.%0a%3c %0a%3c Installation of packages%0a%3c With the following command you get all the packages installed which are required for Roundcube:%0a%3c [@%0a%3c $ doas pkg_add -i roundcubemail mariadb-server php-pdo_mysql php-intl php-curl php-gd%0a%3c @]%0a%3c %0a%3c The last package will present you probably with list of available versions to choose from. Make sure you choose the same version of PHP as the one that got installed by the roundcubemail package. At the time of writing this is 8.2 on OpenBSD 7.5.%0a%3c %0a%3c Configuration of PHP%0a%3c You must make sure that the required PHP extensions are enabled. The easiest way to this is the following:%0a%3c %0a%3c [@%0a%3c $ cd /etc/php-8.2.sample/%0a%3c $ for i in * ; do%0a%3c > doas ln -sf ../php-8.2.sample/$i ../php-8.2/%0a%3c > done%0a%3c @]%0a%3c %0a%3c And you need to prepare the chroot(2) for the usage of TLS with PHP:%0a%3c %0a%3c [@%0a%3c $ doas mkdir -p /var/www/etc/ssl%0a%3c $ doas install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf \%0a%3c /var/www/etc/ssl/%0a%3c @]%0a%3c %0a%3c Make sure you add the above install(1) command to /etc/rc.local in order to update the files whenever the originals change.%0a%3c %0a%3c Roundcube itself requires some settings in /etc/php-fpm.conf in order to work properly:%0a%3c %0a%3c [@%0a%3c ; Settings for Roundcube%0a%3c php_flag[display_errors] = off%0a%3c php_admin_flag[log_errors] = on%0a%3c php_admin_value[upload_max_filesize] = 5M%0a%3c php_admin_value[post_max_size] = 6M%0a%3c php_admin_value[memory_limit] = 64M%0a%3c php_flag[zlib.output_compression] = off%0a%3c php_flag[suhosin.session.encrypt] = off%0a%3c php_flag[session.auto_start] = off%0a%3c php_admin_value[session.gc_maxlifetime] = 21600%0a%3c php_admin_value[gc_divisor] = 500%0a%3c php_admin_value[session.gc_probability] = 1%0a%3c @]%0a%3c %0a%3c Configuration of MariaDB%0a%3c I recommend that you create a dedicated login group for mysqld - although the package read-me tells you that you only need it on busy servers. Append the following to /etc/login.conf:%0a%3c %0a%3c [@%0a%3c mysqld:\%0a%3c :openfiles-cur=1024:\%0a%3c :openfiles-max=2048:\%0a%3c :tc=daemon:%0a%3c @]%0a%3c %0a%3c Create the initial database for MariaDB:%0a%3c %0a%3c [@%0a%3c $ doas mysql_install_db%0a%3c @]%0a%3c %0a%3c Now you can start mysqld and secure the installation:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable mysqld%0a%3c $ doas rcctl start mysqld%0a%3c $ doas mysql_secure_installation%0a%3c @]%0a%3c %0a%3c With httpd(8) chrooted to /var/www you must make sure that the connection to the socket of the MariaDB server is available within the chroot. First create a folder in which the socket will be placed:%0a%3c %0a%3c [@%0a%3c $ doas install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql%0a%3c @]%0a%3c %0a%3c Second you must change the socket path in /etc/my.cnf:%0a%3c %0a%3c [@%0a%3c [client-server]%0a%3c socket = /var/www/var/run/mysql/mysql.sock%0a%3c @]%0a%3c %0a%3c I recommend commenting out the existing entries and place the new ones below the existing ones. You must restart mysqld in order to activate the new socket:%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart mysqld%0a%3c @]%0a%3c %0a%3c Now you are ready to create the actual database for Roundcube:%0a%3c %0a%3c [@%0a%3c $ doas -s%0a%3c $ mysql%0a%3c > CREATE DATABASE roundcube /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;%0a%3c > GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost%0a%3c -> IDENTIFIED BY 'password';%0a%3c > QUIT%0a%3c # mysql roundcube %3c /var/www/roundcubemail/SQL/mysql.initial.sql%0a%3c # ^D%0a%3c @]%0a%3c %0a%3c Configuration of httpd(8)%0a%3c For security reasons you should offer access to Roundcube only over HTTPS. I presume that you have a proper certificate and its private key stored already on the server. The configuration of httpd(8) is done in httpd.conf(5):%0a%3c %0a%3c [@%0a%3c server "rcube.example.org" {%0a%3c listen on egress tls port https%0a%3c log style combined%0a%3c tls certificate "/etc/ssl/rcube.example.org"%0a%3c tls key "/etc/ssl/private/rcube.example.org"%0a%3c %0a%3c root "/roundcubemail"%0a%3c directory index index.php%0a%3c %0a%3c location "*.php" {%0a%3c fastcgi socket "/run/php-fpm.sock"%0a%3c }%0a%3c }%0a%3c %0a%3c types {%0a%3c include "/usr/share/misc/mime.types"%0a%3c }%0a%3c @]%0a%3c %0a%3c You may want to change the log style from combined to forwarded if you run httpd(8) behind a proxy that sets the headers X-Forwarded-For and X-Forwarded-Port (see below).%0a%3c %0a%3c In order to make name resolving work within the chroot(2) you should copy your hosts(5) file and your resolv.conf(5) file into it:%0a%3c %0a%3c [@%0a%3c $ cd /var/www%0a%3c $ for f in hosts resolv.conf ; do doas cp /etc/$f etc/ ; done%0a%3c @]%0a%3c %0a%3c Recommended: Configuration of relayd(8)%0a%3c Consider running relayd(8) in front of httpd(8). It gives you the ability to add some headers for security. And it allows you to efficiently block access to certain URLs that you don’t want to be accessible by the public.%0a%3c %0a%3c Add something like this to relayd.conf(5):%0a%3c %0a%3c [@%0a%3c log connection%0a%3c %0a%3c ipv4=192.0.2.66%0a%3c ipv6=2001:db8::c000:0242%0a%3c %0a%3c table %3crcube4> { 127.0.0.1 }%0a%3c table %3crcube6> { ::1 }%0a%3c %0a%3c http protocol "www" {%0a%3c tls keypair rcube.example.org%0a%3c %0a%3c match request header set "X-Forwarded-For" value "$REMOTE_ADDR"%0a%3c match request header set "X-Forwarded-Port" value "$REMOTE_PORT"%0a%3c %0a%3c match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubdomains"%0a%3c match response header set "X-Content-Type-Options" value "nosniff"%0a%3c match response header set "X-Frame-Options" value "SAMEORIGIN"%0a%3c match response header set "X-Robots-Tag" value "noindex,nofollow"%0a%3c match response header set "X-XSS-Protection" value "1; mode=block"%0a%3c %0a%3c pass%0a%3c block request url file "/etc/roundcube.blocklist"%0a%3c }%0a%3c %0a%3c relay "rcube4" {%0a%3c listen on ipv4 port https tls%0a%3c protocol "rcube"%0a%3c forward to %3crcube4> port http%0a%3c }%0a%3c %0a%3c relay "rcube6" {%0a%3c listen on ipv6 port https tls%0a%3c protocol "rcube"%0a%3c forward to %3crcube6> port http%0a%3c }%0a%3c @]%0a%3c %0a%3c The configuration above assumes that relayd(8) and httpd(8) run on the same system. In this case there is no need to encrypt the traffic between the two daemons. Remove all the tls statements from httpd.conf(5) and change the log style to forwarded:%0a%3c %0a%3c [@%0a%3c server "webmail.example.org" {%0a%3c listen on lo0 port http%0a%3c log style forwarded%0a%3c @]%0a%3c %0a%3c The file /etc/roundcube.blacklist should contain the URLs you don’t want to be accessible by the public:%0a%3c %0a%3c [@%0a%3c rcube.example.org/CHANGELOG.md%0a%3c rcube.example.org/INSTALL%0a%3c rcube.example.org/LICENSE%0a%3c rcube.example.org/README.md%0a%3c rcube.example.org/SECURITY.md%0a%3c rcube.example.org/SQL/%0a%3c rcube.example.org/UPGRADING%0a%3c rcube.example.org/bin/%0a%3c rcube.example.org/composer.json%0a%3c rcube.example.org/composer.json-dist%0a%3c rcube.example.org/composer.lock%0a%3c rcube.example.org/config/%0a%3c rcube.example.org/db/%0a%3c rcube.example.org/installer/%0a%3c rcube.example.org/logs/%0a%3c rcube.example.org/roundcubemail.conf-dist%0a%3c rcube.example.org/temp/%0a%3c @]%0a%3c %0a%3c Any client trying to access any of these will cause relayd(8) to immediately drop the connection without any answer. Alternatively you could add a line return error to the protocol "rcube" block. That will deliver an error message to the client. In both cases relayd(8) will log the message 403 Forbidden together with the IP of the offending client to syslog(3). You can easily use these log entries to block offending IPs.%0a%3c %0a%3c Configuration of Roundcube%0a%3c The basic configuration of Roundcube is done in its config file /var/www/roundcubemail/config/config.inc.php. You should at least set proper values for the following variables:%0a%3c %0a%3c [@%0a%3c $config['db_dsnw'] = 'mysql://roundcube:password@localhost/roundcube';%0a%3c $config['default_host'] = 'imap.example.org';%0a%3c $config['smtp_server'] = 'smtp.example.org';%0a%3c $config['des_key'] = 'Exactly24BytesRandomStr!'%0a%3c @]%0a%3c %0a%3c To generate a quality random string of 24 bytes for the parameter des_key use the following commands:%0a%3c %0a%3c [@%0a%3c $ cat /dev/urandom | tr -dc [:print:] | fold -w 24 | head -n 1%0a%3c @]%0a%3c %0a%3c Roundcube likes to know about the MIME types to file extensions mapping of your webserver. Due to the chroot(2) of httpd(8) you need to copy the file /usr/share/misc/mime.types into the chroot:%0a%3c %0a%3c [@%0a%3c $ doas mkdir -p /var/www/usr/share/misc%0a%3c $ doas cp /usr/share/misc/mime.types /var/www/usr/share/misc/%0a%3c @]%0a%3c %0a%3c After that you need to add the following option to the config.inc.php file of Roundcube:%0a%3c %0a%3c $config['mime_types'] = '/usr/share/misc/mime.types';%0a%3c If you want to make sure that you always get the latest version of the file in the chroot after a sysupgrade(8) add the following lines to rc.local(8):%0a%3c %0a%3c [@%0a%3c mkdir -p /var/www/usr/share/misc%0a%3c install -m 444 -o root -g bin /usr/share/misc/mime.types /var/www/usr/share/misc/mime.types%0a%3c @]%0a%3c %0a%3c Optional: ImageMagick%0a%3c While not really necessary for Roundcube to function properly, the installer will complain if ImageMagick is missing. Some users might even complain about something not working, but frankly I’m not sure what that would be. Anyway, if want to you can easily complete the requirements by running the following commands:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add -i pecl82-imagick%0a%3c $ cd /etc/php-8.2%0a%3c $ doas ln -s ../php-8.2.sample/imagick.ini imagick.ini%0a%3c @]%0a%3c %0a%3c Optional: Redis%0a%3c Roundcube supports Redis as session storage since version 1.2 and as cache since version 1.4. Using Redis for both might give you a performance boost - or not, that depends on your setup. In case you want to try it here are the instructions:%0a%3c %0a%3c First install the required components:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add -i pecl82-redis redis%0a%3c @]%0a%3c %0a%3c Make sure the PHP module for Redis is enabled and php-fpm knows about it. Then you can start redis:%0a%3c %0a%3c [@%0a%3c $ cd /etc/php-8.2%0a%3c $ doas ln -s ../php-8.2.sample/redis.ini redis.ini%0a%3c $ doas rcctl enable redis%0a%3c $ doas rcctl start redis%0a%3c @]%0a%3c %0a%3c Adding the following settings to /var/www/roundcube/config/config.inc.php to make Roundcube use Redis for both session storage and caching:%0a%3c %0a%3c [@%0a%3c $config['redis_hosts'] = array('localhost:6379');%0a%3c $config['session_storage'] = 'redis';%0a%3c @]%0a%3c %0a%3c Optional: Logging%0a%3c The default settings of Roundcube will write dedicated log file in the directory /var/www/roundcube/logs. If you are happy with this solution I suggest you let newsyslog(8) rotate the files in order to prevent your /var from filling up.%0a%3c %0a%3c Roundcube is also capable of using syslog(3). You can even configure Roundcube to send its log entries to a specific syslog facility. And you can enable/disable logging for certain parts of Roundcube. For Roundcube on a mail server I usually use the following settings in /var/www/roundcubemail/config/config.inc.php:%0a%3c %0a%3c [@%0a%3c $config['log_driver'] = 'syslog';%0a%3c $config['syslog_id'] = 'roundcube';%0a%3c $config['syslog_facility'] = LOG_MAIL;%0a%3c $config['log_logins'] = true;%0a%3c @]%0a%3c %0a%3c Optional: Plugins%0a%3c Roundcube comes with a bunch of plugins, and some more are available as packages under OpenBSD. You can enable a plugin by adding its name to the array $config['plugins'] in config.inc.php.%0a%3c %0a%3c If you want to add plugins to Roundcube that are not part of the base package, first check if there is an OpenBSD package for it:%0a%3c %0a%3c [@%0a%3c $ pkg_info -Q rcube%0a%3c @]%0a%3c %0a%3c Should the package you want be missing in the list you can still obtain it by installing and using composer:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add composer%0a%3c $ cd /var/www/roundcube%0a%3c $ doas ...%0a%3c @]%0a%3c %0a%3c Once you found a plugin on Packagist, click on it and replace the ... in the last command with the string found beneath the plugin name on the website. Something similar to composer require author/plugin%0a%3c %0a%3c Start services and finish setup%0a%3c The time has come to actually start the required services:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable httpd php82_fpm%0a%3c $ doas rcctl start httpd php82_fpm%0a%3c @]%0a%3c %0a%3c Have Any Questions about this please email support@nastycode.com%0a%3c Created By SplinTer@NaStYcOdE.COM %0a
+host:1731468729=138.43.182.133
blob - /dev/null
blob + 0e69f9225ca23559f8cb4607d5d32183e2ddf756 (mode 644)
--- /dev/null
+++ wiki.d/Roundcube.RecentChanges
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
+charset=UTF-8
+ctime=1731468729
+host=138.43.182.133
+name=Roundcube.RecentChanges
+rev=2
+text=* [[Roundcube/Install]] . . . @2024-11-13T03:34:24Z by [[~SplinTer]]: [==]%0a
+time=1731468864
blob - e66c11bd443602490930a24e4112cbe9b6034f1f
blob + 94b7e97c0240512d89ca99542f5ed98d3599793b
--- wiki.d/Site.AllRecentChanges
+++ wiki.d/Site.AllRecentChanges
ctime=1596101899
host=138.43.182.133
name=Site.AllRecentChanges
-rev=13881
-text=* [[Almanack.AdvancedMailServerSetup]] . . . @2024-11-13T04:09:42Z by [[~SplinTer]]: [==]%0a* [[Almanack.Almanack]] . . . @2024-11-13T04:08:39Z by [[~SplinTer]]: [==]%0a* [[Almanack.SetupMailServer]] . . . @2024-11-13T04:07:16Z by [[~SplinTer]]: [==]%0a* [[Acme-client.Configure]] . . . @2024-11-13T03:42:02Z by [[~jrmu]]: [==]%0a* [[Adminforces.Training]] . . . @2024-11-13T03:39:10Z by [[~jrmu]]: [==]%0a* [[Roundcube.Install]] . . . @2024-11-13T03:34:24Z by [[~SplinTer]]: [==]%0a* [[Tls.Intro]] . . . @2024-11-13T03:07:59Z by [[~jrmu]]: [==]%0a* [[Openbsd.Php]] . . . @2024-11-13T02:56:57Z by [[~jrmu]]: [==]%0a* [[Netcat.Http]] . . . @2024-11-13T02:55:05Z by [[~jrmu]]: [==]%0a* [[Telnet.Http]] . . . @2024-11-13T02:01:34Z by [[~jrmu]]: [==]%0a* [[Openhttpd.Tls]] . . . @2024-11-13T01:49:55Z by [[~jrmu]]: [=fix broken link=]%0a* [[Almanack.DumpBackupWithSCP]] . . . @2024-11-12T18:50:07Z by [[~SplinTer]]: [==]%0a* [[Openhttpd.Configure]] . . . @2024-11-12T06:25:34Z by [[~jrmu]]: [==]%0a* [[Chroot.Intro]] . . . @2024-11-12T04:30:16Z by [[~jrmu]]: [==]%0a* [[Freedom.Fork]] . . . @2024-11-12T03:57:04Z by [[~jrmu]]: [==]%0a* [[Lists.Ircnow]] . . . @2024-11-12T03:50:10Z by [[~jrmu]]: [==]%0a* [[Openbsd.Pkg]] . . . @2024-11-12T03:47:43Z by [[~jrmu]]: [==]%0a* [[FwUpdate.Usage]] . . . @2024-11-12T03:31:04Z by [[~jrmu]]: [=Fix markup and add -da example=]%0a* [[Main.HomePage]] . . . @2024-11-12T02:47:35Z by [[~jrmu]]: [==]%0a* [[Syspatch.Syspatch]] . . . @2024-11-12T02:09:33Z by [[~jrmu]]: [==]%0a* [[Doas.Configure]] . . . @2024-11-12T02:03:55Z by [[~jrmu]]: [==]%0a* [[Site.SideBar]] . . . @2024-11-12T01:55:50Z by [[~jrmu]]: [==]%0a* [[Minutemin.Questions]] . . . @2024-11-12T01:50:32Z by [[~jrmu]]: [==]%0a* [[Ircnow.Howtoask]] . . . @2024-11-12T01:50:20Z by [[~jrmu]]: [==]%0a* [[Ssh.Fingerprints]] . . . @2024-11-12T01:39:20Z by [[~jrmu]]: [==]%0a* [[Top.Usage]] . . . @2024-11-12T01:02:53Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade76]] . . . @2024-11-12T00:59:48Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade]] . . . @2024-11-11T22:26:24Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade76]] . . . @2024-11-11T22:10:26Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade]] . . . @2024-11-11T21:29:29Z by [[~jrmu]]: [==]%0a* [[Openbsd.CPAN]] . . . @2024-10-26T06:59:30Z by [[~izzyb]]: [==]%0a* [[Psybnc.Install]] . . . @2024-10-21T22:34:19Z by [[~jrmu]]: [==]%0a* [[Wg.Hosting]] . . . @2024-10-19T21:25:34Z by [[~moocow]]: [=Configure WireGuard without NAT=]%0a* [[SiteAdmin.AuthUser]] . . . @2024-10-19T21:12:22Z by [[~jrmu]]: [==]%0a* [[Ircnow.9force]] . . . @2024-10-06T06:10:36Z by [[~jrmu]]: [==]%0a* [[ZNC.Admin]] . . . @2024-10-03T10:18:17Z by [[~tomglok]]: [==]%0a* [[Opensmtpd.Test]] . . . @2024-09-25T23:45:59Z by [[~jrmu]]: [==]%0a* [[Opensmtpd.Maildir]] . . . @2024-09-22T21:17:38Z by [[~jrmu]]: [==]%0a* [[Vmm.Configure]] . . . @2024-09-21T19:26:31Z by [[~jrmu]]: [==]%0a* [[Ambassador.Ilines]] . . . @2024-09-20T18:20:36Z by [[~tomglok]]: [=update ipv4 addresses=]%0a* [[Opensmtpd.Lmtp]] . . . @2024-09-19T00:19:23Z by [[~jrmu]]: [==]%0a* [[Minutemin.Bootcamp]] . . . @2024-09-19T00:19:05Z by [[~jrmu]]: [==]%0a* [[Opensmtpd.Vmail]] . . . @2024-09-19T00:18:01Z by [[~jrmu]]: [==]%0a* [[Netcat.SMTP]] . . . @2024-09-18T23:43:53Z by [[~jrmu]]: [==]%0a* [[Opensmtpd.Configure]] . . . @2024-09-18T05:11:11Z by [[~jrmu]]: [==]%0a* [[Nsd.Configure]] . . . @2024-09-18T05:00:35Z by [[~jrmu]]: [=Remove references to ircnow=]%0a* [[Openbsd.Dmarc]] . . . @2024-09-15T00:39:01Z by [[~jrmu]]: [==]%0a* [[Iked.Roadwarrior]] . . . @2024-09-11T19:18:33Z by [[~barth]]: [=missing code tag=]%0a* [[Openbsd.FilePermissions]] . . . @2024-09-08T16:58:57Z by [[~tomglok]]: [=change from # chmod -R ... to # find ... so that the /etc/mail directory retains mode 0755=]%0a* [[Crontab.Edit]] . . . @2024-09-06T12:28:31Z by [[~barth]]: [=correct mistake in the 0 * * * * * example=]%0a* [[Awk.Usage]] . . . @2024-09-05T20:06:13Z by [[~barth]]: [==]%0a* [[Sed.Usage]] . . . @2024-09-05T19:08:41Z by [[~barth]]: [==]%0a* [[Openbsd.Gotweb]] . . . @2024-09-05T15:52:57Z by [[~barth]]: [=update page, as gotweb is replaced by gotwebd=]%0a* [[Got.Server]] . . . @2024-09-04T21:31:30Z by [[~barth]]: [=directory creation was missing=]%0a* [[Ipmi.Java]] . . . @2024-08-28T06:34:49Z by [[~jrmu]]: [==]%0a* [[Znc.Chroot]] . . . @2024-08-24T01:56:57Z by [[~jrmu]]: [==]%0a* [[Unbound.Configure]] . . . @2024-08-23T18:48:55Z by [[~barth]]: [=Add adblock section=]%0a* [[Ircnow.Media]] . . . @2024-08-23T06:29:40Z by [[~jrmu]]: [==]%0a* [[OpenBSD.OnOVH]] . . . @2024-08-22T00:54:43Z by [[~entrex]]: [==]%0a* [[Dns.Vhost]] . . . @2024-08-19T19:54:07Z by [[~barth]]: [=fix redundancy=]%0a* [[DNS.SPF]] . . . @2024-08-19T19:38:19Z by [[~barth]]: [=fix missing word=]%0a* [[Ifconfig.Change]] . . . @2024-08-15T18:12:15Z by [[~barth]]: [=fixed typo in subnet mask hexadecimal representation=]%0a* [[Dhcpd.Configure]] . . . @2024-08-15T16:30:33Z by [[~barth]]: [==]%0a* [[Dig.Usage]] . . . @2024-08-15T15:48:29Z by [[~barth]]: [==]%0a* [[IP.Myaddress]] . . . @2024-08-15T15:29:41Z by [[~barth]]: [==]%0a* [[Relayd.Acceleration]] . . . @2024-08-14T19:11:18Z by [[~barth]]: [==]%0a* [[Ircnow.Explorer]] . . . @2024-08-14T14:01:58Z by [[~jrmu]]: [==]%0a* [[Ircnow.Novem]] . . . @2024-08-14T13:44:41Z by [[~jrmu]]: [==]%0a* [[Openhttpd.Website]] . . . @2024-08-13T16:38:36Z by [[~barth]]: [==]%0a* [[Ircnow.Codeforce]] . . . @2024-08-10T19:43:34Z by [[~jrmu]]: [==]%0a* [[Ircnow.CodeForce]] . . . @2024-08-10T19:38:23Z by [[~jrmu]]: [==]%0a* [[Sshd.Disablepassword]] . . . @2024-08-07T03:52:17Z by [[~LohanG]]: [=corrected a typo=]%0a* [[Iked.Binat]] . . . @2024-08-06T22:30:44Z by [[~jrmu]]: [==]%0a* [[C101.C101]] . . . @2024-08-01T18:05:37Z by [[~jrmu]]: [==]%0a* [[Tcpbench.Usage]] . . . @2024-07-30T15:34:27Z by [[~jrmu]]: [==]%0a* [[Bouncer.Bouncer]] . . . @2024-07-28T22:09:16Z by [[~quiliro]]: [= Summary: Emacs ERC details=]%0a* [[Iked.Android]] . . . @2024-07-26T17:22:44Z by [[~jrmu]]: [==]%0a* [[Iked.Roadwarriorvmm]] . . . @2024-07-25T07:29:51Z by [[~jrmu]]: [==]%0a* [[Iked.Sitetosite]] . . . @2024-07-25T06:04:47Z by [[~jrmu]]: [==]%0a* [[Tor.Irc]] . . . @2024-07-25T01:47:57Z by [[~entrex]]: [=Update irc.ircforever.org's Tor address=]%0a* [[Email.Email]] . . . @2024-07-20T14:36:06Z by [[~jrmu]]: [==]%0a* [[Vpn.Vpn]] . . . @2024-07-20T14:35:25Z by [[~jrmu]]: [==]%0a* [[Unix.Reading]] . . . @2024-07-20T05:08:40Z by [[~jrmu]]: [==]%0a* [[Iked.Sitetositevmm]] . . . @2024-07-19T05:45:54Z by [[~jrmu]]: [==]%0a* [[Ospfd.Configure]] . . . @2024-07-18T22:22:50Z by [[~jrmu]]: [==]%0a* [[Irc.Clients]] . . . @2024-07-16T01:09:48Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Wg]] . . . @2024-07-16T01:06:09Z by [[~jrmu]]: [==]%0a* [[Netcat.Usage]] . . . @2024-07-15T14:51:49Z by [[~jrmu]]: [==]%0a* [[Iked.Configure]] . . . @2024-07-15T06:22:31Z by [[~jrmu]]: [==]%0a* [[Ripd.Configure]] . . . @2024-07-14T01:27:04Z by [[~jrmu]]: [==]%0a* [[Nat.Configure]] . . . @2024-07-13T16:13:34Z by [[~jrmu]]: [==]%0a* [[Profiles.Jrmu]] . . . @2024-07-13T05:55:06Z by [[~jrmu]]: [==]%0a* [[Jrmu.Bio]] . . . @2024-07-13T05:54:20Z by [[~jrmu]]: [==]%0a* [[Route.Static]] . . . @2024-07-12T14:28:06Z by [[~jrmu]]: [==]%0a* [[Wordpress.Install]] . . . @2024-07-08T01:02:48Z by [[~jrmu]]: [=merge changes from matt and mkf from openbsd/wordpress=]%0a* [[Openbsd.Wordpress]] . . . @2024-07-08T01:02:14Z by [[~jrmu]]: [==]%0a* [[Openssl.Cert]] . . . @2024-07-07T17:38:34Z by [[~jrmu]]: [==]%0a* [[Sshd.Chroot]] . . . @2024-07-05T15:54:11Z by [[~jrmu]]: [==]%0a* [[Openrsync.Chroot]] . . . @2024-07-04T06:00:51Z by [[~jrmu]]: [==]%0a* [[Openbsd.Loginconf]] . . . @2024-07-04T05:54:38Z by [[~jrmu]]: [==]%0a* [[Ssh.Chroot]] . . . @2024-07-04T05:42:21Z by [[~jrmu]]: [==]%0a* [[Rsync.Usage]] . . . @2024-07-04T05:21:34Z by [[~jrmu]]: [==]%0a* [[Openrsync.Usage]] . . . @2024-07-04T04:57:23Z by [[~jrmu]]: [==]%0a* [[Vps.Vps]] . . . @2024-07-01T01:20:12Z by [[~jrmu]]: [==]%0a* [[Gre.6in4vmm]] . . . @2024-06-30T15:57:13Z by [[~jrmu]]: [==]%0a* [[Gre.6in4]] . . . @2024-06-29T08:42:26Z by [[~jrmu]]: [==]%0a* [[Gre.6in4nat]] . . . @2024-06-29T05:50:45Z by [[~jrmu]]: [==]%0a* [[Openbsd.Identd]] . . . @2024-06-22T00:11:09Z by [[~jrmu]]: [==]%0a* [[Identd.Configure]] . . . @2024-06-22T00:10:57Z by [[~jrmu]]: [==]%0a* [[Buyvm.Routedsubnet]] . . . @2024-06-21T19:14:32Z by [[~jrmu]]: [==]%0a* [[Ircnow.Hosting]] . . . @2024-06-20T15:58:23Z by [[~jrmu]]: [==]%0a* [[Team.Team]] . . . @2024-06-20T15:57:03Z by [[~jrmu]]: [==]%0a* [[Password.Words]] . . . @2024-06-19T01:11:41Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Wifitoethernet]] . . . @2024-06-18T21:23:08Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Wifi]] . . . @2024-06-18T21:04:56Z by [[~jrmu]]: [==]%0a* [[Openbsd.BBB]] . . . @2024-06-18T16:13:57Z by [[~jrmu]]: [=Update version=]%0a* [[Sftp.Chroot]] . . . @2024-06-18T06:52:08Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Hostap]] . . . @2024-06-18T06:03:26Z by [[~jrmu]]: [==]%0a* [[Vlan.Configure]] . . . @2024-06-17T07:47:29Z by [[~jrmu]]: [==]%0a* [[Vmm.Plan9]] . . . @2024-06-16T06:28:55Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Vlan]] . . . @2024-06-14T21:55:43Z by [[~jrmu]]: [==]%0a* [[Freedom.Radio]] . . . @2024-06-12T17:45:33Z by [[~jrmu]]: [==]%0a* [[Sshd.Configure]] . . . @2024-06-12T00:43:49Z by [[~jrmu]]: [==]%0a* [[Team.Federation]] . . . @2024-06-11T04:59:07Z by [[~Yiming]]: [=update=]%0a* [[Opensmtpd.Inbox]] . . . @2024-06-09T17:27:48Z by [[~jrmu]]: [==]%0a* [[Openbsd.Pmwiki]] . . . @2024-06-09T07:24:14Z by [[~LohanG]]: [=Updated the current Pmwiki versoin =]%0a* [[Profiles.Xfnw]] . . . @2024-06-09T02:05:47Z by [[~xfnw]]: [==]%0a* [[Openbsd.Sysctl]] . . . @2024-06-08T22:23:31Z by [[~jrmu]]: [==]%0a* [[Cvsweb.Restore]] . . . @2024-06-08T16:40:18Z by [[~jrmu]]: [==]%0a* [[Shell.Cronjobs]] . . . @2024-06-06T17:56:05Z by [[~jrmu]]: [==]%0a* [[Cron.Suppressmail]] . . . @2024-06-06T17:55:41Z by [[~jrmu]]: [==]%0a* [[Ksh.History]] . . . @2024-06-06T17:00:05Z by [[~jrmu]]: [==]%0a* [[Ksh.Editor]] . . . @2024-06-06T16:28:18Z by [[~jrmu]]: [=Credit to mkf and Naglfar for writing parts of these guides=]%0a* [[Openbsd.Tcpdump]] . . . @2024-06-05T05:50:43Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Veb]] . . . @2024-06-04T07:44:16Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Vether]] . . . @2024-06-04T07:25:53Z by [[~jrmu]]: [==]%0a* [[MountNfs.Usage]] . . . @2024-06-03T09:52:35Z by [[~mkf]]: [==]%0a* [[Openhttpd.Hosting]] . . . @2024-06-02T00:45:01Z by [[~LohanG]]: [=corrected a link to httpd man page=]%0a* [[Hostnameif.Autoconf]] . . . @2024-06-01T23:39:30Z by [[~jrmu]]: [==]%0a* [[Rad.Configure]] . . . @2024-06-01T20:26:13Z by [[~jrmu]]: [==]%0a* [[Znc.Patch]] . . . @2024-06-01T16:45:30Z by [[~jrmu]]: [==]%0a* [[Ircnow.Adminforces]] . . . @2024-06-01T15:57:43Z by [[~jrmu]]: [==]%0a* [[Ircnow.Minutemin]] . . . @2024-06-01T15:57:28Z by [[~jrmu]]: [==]%0a* [[Route.Hostnameif]] . . . @2024-05-31T06:17:03Z by [[~jrmu]]: [==]%0a* [[Hostnameif.Static]] . . . @2024-05-30T23:03:07Z by [[~jrmu]]: [==]%0a* [[Unbound.LAN]] . . . @2024-05-30T13:02:25Z by [[~Posterdati]]: [==]%0a* [[Marketing.Recruit]] . . . @2024-05-29T12:39:26Z by [[~jrmu]]: [==]%0a* [[Ircnow.Team]] . . . @2024-05-29T12:08:42Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Usage]] . . . @2024-05-29T11:30:14Z by [[~jrmu]]: [=thanks to mkf on August 02, 2021, at 12:59 PM=]%0a* [[Ifconfig.Ifconfig]] . . . @2024-05-29T11:29:55Z by [[~jrmu]]: [==]%0a* [[Donations.Donations]] . . . @2024-05-28T16:38:16Z by [[~jrmu]]: [==]%0a* [[Oidentd.Changeident]] . . . @2024-05-28T00:11:37Z by [[~jrmu]]: [==]%0a* [[Znc.Support]] . . . @2024-05-28T00:07:46Z by [[~jrmu]]: [==]%0a* [[Znc.Admin]] . . . @2024-05-28T00:06:29Z by [[~jrmu]]: [==]%0a* [[Minetest.Minetest]] . . . @2024-05-27T22:43:44Z by [[~jrmu]]: [==]%0a* [[Irc101.Irc101]] . . . @2024-05-27T22:41:28Z by [[~jrmu]]: [==]%0a* [[Dns.Troubleshooting]] . . . @2024-05-27T21:55:36Z by [[~jrmu]]: [==]%0a* [[Nsd.Troubleshoot]] . . . @2024-05-27T21:55:08Z by [[~jrmu]]: [==]%0a* [[Bgpd.Configure]] . . . @2024-05-27T21:44:19Z by [[~jrmu]]: [==]%0a* [[Route.Sourceaddr]] . . . @2024-05-22T23:31:46Z by [[~jrmu]]: [==]%0a* [[Hosts.Configure]] . . . @2024-05-21T07:59:04Z by [[~mkf]]: [=Promote what is in the base :)=]%0a* [[Openbsd.Ed]] . . . @2024-05-21T07:58:21Z by [[~mkf]]: [==]%0a* [[Ircnow.Hardware]] . . . @2024-05-19T21:48:37Z by [[~jrmu]]: [==]%0a* [[Oddprotocol.Hardware]] . . . @2024-05-19T21:45:29Z by [[~jrmu]]: [==]%0a* [[Bsdforall.Hardware]] . . . @2024-05-19T21:41:54Z by [[~jrmu]]: [==]%0a* [[Nastycode.Hardware]] . . . @2024-05-19T20:46:34Z by [[~jrmu]]: [==]%0a* [[Planetofnix.Hardware]] . . . @2024-05-19T20:45:03Z by [[~jrmu]]: [==]%0a* [[Marketing.Memes]] . . . @2024-05-16T18:05:04Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade75]] . . . @2024-05-11T06:39:58Z by [[~jrmu]]: [==]%0a* [[Ircnow.Services]] . . . @2024-05-10T16:12:29Z by [[~izzyb]]: [==]%0a* [[Openbsd.Biboumi]] . . . @2024-05-10T09:13:51Z by [[~mkf]]: [=udns doesn't seem to work in ircnow.org since upgrade to 7.5, i don't know why.=]%0a* [[Openbsd.Drawtermssh]] . . . @2024-05-10T07:08:07Z by [[~mkf]]: [==]%0a* [[OpenBSD.Iked]] . . . @2024-05-10T06:58:23Z by [[~mkf]]: [==]%0a* [[Openbsd.Dump]] . . . @2024-05-07T17:10:33Z by [[~jrmu]]: [==]%0a* [[Freedom.Homestead]] . . . @2024-05-06T05:49:56Z by [[~jrmu]]: [==]%0a* [[Openbsd.Restore]] . . . @2024-05-05T22:30:23Z by [[~jrmu]]: [==]%0a* [[Debate.Providers]] . . . @2024-05-04T04:13:44Z by [[~Yonle]]: [==]%0a* [[Openbsd.Prosody]] . . . @2024-05-02T13:20:46Z by [[~mkf]]: [==]%0a* [[DNS.MTA-STS]] . . . @2024-05-01T17:38:03Z by [[~jrmu]]: [==]%0a* [[Openbsd.Fstab]] . . . @2024-04-30T13:00:51Z by [[~mkf]]: [=mention ro=]%0a* [[Ffs.Intro]] . . . @2024-04-30T12:56:49Z by [[~mkf]]: [=hehe=]%0a* [[Gnus.Connect]] . . . @2024-04-30T12:31:49Z by [[~mkf]]: [==]%0a* [[Dovecot.Install]] . . . @2024-04-26T23:55:07Z by [[~sylv1a]]: [=fix find command to also lock down dirs=]%0a* [[Openbsd.Mlmmj]] . . . @2024-04-25T18:41:36Z by [[~izzyb]]: [==]%0a* [[Ln.Shell]] . . . @2024-04-24T16:07:14Z by [[~jrmu]]: [==]%0a* [[Mariadb.Install]] . . . @2024-04-13T18:06:28Z by [[~mkf]]: [==]%0a* [[Openbsd.Openbsd]] . . . @2024-04-13T18:02:19Z by [[~mkf]]: [==]%0a* [[Fics.Admin]] . . . @2024-04-12T19:01:58Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade75]] . . . @2024-04-11T20:42:45Z by [[~jrmu]]: [==]%0a* [[Ircnow.Milestones]] . . . @2024-04-11T19:29:33Z by [[~jrmu]]: [==]%0a* [[Ambassador.Markets]] . . . @2024-04-11T17:15:42Z by [[~jrmu]]: [==]%0a* [[Swapctl.Usage]] . . . @2024-04-11T07:06:24Z by [[~jrmu]]: [==]%0a* [[Disklabel.Usage]] . . . @2024-04-11T06:49:54Z by [[~jrmu]]: [==]%0a* [[Newfs.Usage]] . . . @2024-04-11T06:20:14Z by [[~jrmu]]: [==]%0a* [[Mount.Usage]] . . . @2024-04-11T06:19:40Z by [[~jrmu]]: [==]%0a* [[Fdisk.Usage]] . . . @2024-04-11T00:09:58Z by [[~jrmu]]: [==]%0a* [[Openbsd.Disklabel]] . . . @2024-04-10T23:43:12Z by [[~jrmu]]: [==]%0a* [[Disklabel.Partitioning]] . . . @2024-04-10T23:22:13Z by [[~jrmu]]: [==]%0a* [[Softraid.Install]] . . . @2024-04-09T23:30:49Z by [[~jrmu]]: [==]%0a* [[Softraid.Rebuild]] . . . @2024-04-09T21:56:59Z by [[~jrmu]]: [==]%0a* [[Openbsd.Backups]] . . . @2024-04-09T21:50:28Z by [[~jrmu]]: [==]%0a* [[Openbsd.Fdisk]] . . . @2024-04-09T21:33:33Z by [[~jrmu]]: [==]%0a* [[Openbsd.Psybnc]] . . . @2024-04-09T19:14:35Z by [[~jrmu]]: [==]%0a* [[Vmctl.Usage]] . . . @2024-04-09T05:30:55Z by [[~jrmu]]: [==]%0a* [[Vmm.Install]] . . . @2024-04-09T05:16:01Z by [[~jrmu]]: [==]%0a* [[Vmm.Intro]] . . . @2024-04-09T01:30:50Z by [[~jrmu]]: [==]%0a* [[Openssl.Check]] . . . @2024-04-08T20:30:49Z by [[~jrmu]]: [==]%0a* [[Openbsd.Snac]] . . . @2024-04-08T16:30:46Z by [[~Yonle]]: [==]%0a* [[Openbsd.Install75]] . . . @2024-04-07T22:53:36Z by [[~jrmu]]: [==]%0a* [[Openbsd.Install]] . . . @2024-04-07T22:28:53Z by [[~jrmu]]: [==]%0a* [[Atactl.Usage]] . . . @2024-04-07T10:57:16Z by [[~mkf]]: [=add sleep command=]%0a* [[Vmctl.Disk]] . . . @2024-04-06T23:08:15Z by [[~jrmu]]: [==]%0a* [[Vmctl.Reinstall]] . . . @2024-04-06T22:59:10Z by [[~jrmu]]: [==]%0a* [[Openbsd.Outofmemory]] . . . @2024-04-06T21:03:39Z by [[~jrmu]]: [==]%0a* [[Dmesg.Usage]] . . . @2024-04-06T20:15:54Z by [[~jrmu]]: [==]%0a* [[Openbsd.Dmesg]] . . . @2024-04-06T20:15:22Z by [[~jrmu]]: [==]%0a* [[Vps.Users]] . . . @2024-04-06T19:10:58Z by [[~Posterdati]]: [==]%0a* [[Profiles.Yiming]] . . . @2024-04-06T04:59:28Z by [[~Yiming]]: [=Create New Page=]%0a* [[Openbsd.Singleuser]] . . . @2024-04-03T23:51:20Z by [[~jrmu]]: [==]%0a* [[Hostname.Usage]] . . . @2024-04-03T23:38:15Z by [[~jrmu]]: [==]%0a* [[Openbsd.Hier]] . . . @2024-04-03T23:23:13Z by [[~jrmu]]: [==]%0a* [[Openbsd.Intro]] . . . @2024-04-03T20:32:26Z by [[~jrmu]]: [==]%0a* [[Dd.Iso]] . . . @2024-04-03T20:30:21Z by [[~jrmu]]: [==]%0a* [[Resolv.Conf]] . . . @2024-04-03T20:09:08Z by [[~jrmu]]: [==]%0a* [[Openbsd.Localtime]] . . . @2024-04-03T16:39:46Z by [[~jrmu]]: [==]%0a* [[Openbsd.Bootconf]] . . . @2024-04-03T07:35:48Z by [[~jrmu]]: [==]%0a* [[Chess.Chess]] . . . @2024-04-01T01:40:42Z by [[~maxxe]]: [==]%0a* [[Router.Hardware]] . . . @2024-03-31T23:16:50Z by [[~jrmu]]: [==]%0a* [[Sysop.Hardware]] . . . @2024-03-31T22:05:27Z by [[~jrmu]]: [==]%0a* [[Ircnow.Servers]] . . . @2024-03-31T21:59:17Z by [[~jrmu]]: [==]%0a* [[Bouncer.Thunderbird]] . . . @2024-03-30T12:51:26Z by [[~Yiming]]: [=Update=]%0a* [[Openbsd.Akkoma]] . . . @2024-03-25T04:31:17Z by [[~Yonle]]: [==]%0a* [[Openbsd.Pleroma]] . . . @2024-03-25T04:30:19Z by [[~Yonle]]: [==]%0a* [[Relayd.Wss]] . . . @2024-03-20T22:13:08Z by [[~jrmu]]: [=Thanks to miniontoby!=]%0a* [[OpenSSH.Connect]] . . . @2024-03-16T21:22:07Z by [[~jrmu]]: [==]%0a* [[Rcd.Configure]] . . . @2024-03-14T14:14:37Z by [[~geze]]: [==]%0a* [[Ngircd.Link]] . . . @2024-03-14T09:25:10Z by [[~geze]]: [==]%0a* [[Pf.Bittorrent]] . . . @2024-03-13T03:17:53Z by [[~jrmu]]: [==]%0a* [[Openbsd.Rcctl]] . . . @2024-03-09T18:16:03Z by [[~geze]]: [==]%0a* [[Openbsd.Ngircd]] . . . @2024-03-09T16:35:20Z by [[~geze]]: [==]%0a* [[Dns.Overview]] . . . @2024-02-20T00:38:00Z by [[~jrmu]]: [==]%0a* [[Bouncer.Erc]] . . . @2024-02-19T19:25:28Z by [[~kiliro]]: [=Add better format Summary: Add better formatin=]%0a* [[Openbsd.Icecast]] . . . @2024-02-12T17:38:08Z by [[~mkf]]: [=minor changes=]%0a* [[Cwm.Configure]] . . . @2024-02-10T20:34:56Z by [[~jrmu]]: [==]%0a* [[9.Drawterm]] . . . @2024-02-10T17:15:50Z by [[~jrmu]]: [==]%0a* [[Wsconsctl.Usage]] . . . @2024-02-10T06:50:02Z by [[~jrmu]]: [==]%0a* [[Irc.Easy]] . . . @2024-02-04T18:52:09Z by [[~jrmu]]: [==]%0a* [[Almanack.TheloungeWebircClient]] . . . @2024-02-01T13:39:12Z by [[~SplinTer]]: [==]%0a* [[Openbsd.Panic]] . . . @2024-01-20T22:18:08Z by [[~jrmu]]: [==]%0a* [[Openssh.Totp]] . . . @2024-01-16T07:17:39Z by [[~jrmu]]: [==]%0a* [[Unix101.Unix101]] . . . @2024-01-11T17:22:18Z by [[~jrmu]]: [==]%0a* [[Atheme.Install]] . . . @2024-01-01T15:24:17Z by [[~rahl]]: [=Atheme is written in C=]%0a* [[Rio.Customize]] . . . @2023-12-30T21:33:22Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade74]] . . . @2023-12-28T21:05:35Z by [[~jrmu]]: [==]%0a* [[Email.Lists]] . . . @2023-12-26T20:16:01Z by [[~jrmu]]: [==]%0a* [[Xboard.Connect]] . . . @2023-12-26T01:05:55Z by [[~jrmu]]: [==]%0a* [[I2Pd.Install]] . . . @2023-12-20T06:00:49Z by [[~Yonle]]: [==]%0a* [[9C.Exits]] . . . @2023-12-18T15:10:37Z by [[~mkf]]: [==]%0a* [[Openbsd.Bitlbee]] . . . @2023-12-18T10:06:57Z by [[~mkf]]: [==]%0a* [[9.Authsrv]] . . . @2023-12-18T09:11:44Z by [[~mkf]]: [=delete empty page=]%0a* [[Bouncer.Icechat]] . . . @2023-12-18T09:09:46Z by [[~mkf]]: [=remove duplicate article (see Bouncer.IceChat)=]%0a* [[Ircnow.SSHFingerprints]] . . . @2023-12-17T18:47:56Z by [[~jrmu]]: [==]%0a* [[Vmm.UbuntuIso]] . . . @2023-12-04T20:16:51Z by [[~jrmu]]: [==]%0a* [[Vmm.Sysupgrade]] . . . @2023-12-02T14:59:55Z by [[~jrmu]]: [==]%0a* [[Shelllabs.Openaccess]] . . . @2023-12-01T03:16:51Z by [[~hed0x]]: [==]%0a* [[Profiles.Tcache]] . . . @2023-11-30T02:41:15Z by [[~Tcache]]: [==]%0a* [[Openbsd.Wraith]] . . . @2023-11-25T18:49:17Z by [[~jrmu]]: [==]%0a* [[Openbsd.Host]] . . . @2023-11-24T22:51:07Z by [[~jrmu]]: [==]%0a* [[Hunchentoot.Install]] . . . @2023-11-24T19:50:41Z by [[~Posterdati]]: [==]%0a* [[Openbsd.Install73]] . . . @2023-11-18T05:32:17Z by [[~jrmu]]: [==]%0a* [[Openbsd.Install74]] . . . @2023-11-18T05:06:51Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade74]] . . . @2023-11-16T00:15:28Z by [[~jrmu]]: [==]%0a* [[Openbsd.Tcltls]] . . . @2023-11-06T20:19:24Z by [[~jrmu]]: [==]%0a* [[Olympics.Games]] . . . @2023-11-05T18:39:36Z by [[~jrmu]]: [==]%0a* [[Team.Security]] . . . @2023-11-04T18:45:38Z by [[~jrmu]]: [==]%0a* [[Linux.Reading]] . . . @2023-11-01T03:47:13Z by [[~jrmu]]: [==]%0a* [[Shelllabs.Tools]] . . . @2023-10-28T17:41:59Z by [[~hed0x]]: [==]%0a* [[Shelllabs.Intro]] . . . @2023-10-28T17:04:45Z by [[~redrum88]]: [==]%0a* [[Openbsd.PFStable]] . . . @2023-10-27T19:07:16Z by [[~sylv1a]]: [=Revise ICMP section in accordance with RFCs. Fix icmp6 syntax issue.=]%0a* [[Ircnow.Roadmap2024]] . . . @2023-10-23T03:33:27Z by [[~jrmu]]: [==]%0a* [[Ircnow.Roadmap]] . . . @2023-10-23T03:02:14Z by [[~jrmu]]: [==]%0a* [[DNS.DKIM]] . . . @2023-10-19T19:11:28Z by [[~sylv1a]]: [=Add this note here too (already present in DNS.Mail)=]%0a* [[DNS.Mail]] . . . @2023-10-19T19:09:57Z by [[~sylv1a]]: [=Change so _dkimsign is used for /etc/mail/dkim. _dovecot never needs to access that folder.=]%0a* [[Pmwiki.Replace]] . . . @2023-10-19T17:19:19Z by [[~sylv1a]]: [=Fix IndentationError, although the script seems to have other issues (blank output)=]%0a* [[Police.Intro]] . . . @2023-10-08T05:05:25Z by [[~jrmu]]: [==]%0a* [[Unbound.DNSSEC]] . . . @2023-10-08T02:32:13Z by [[~sylv1a]]: [=nitpick: Restart/Reload rather than Restart/reload=]%0a* [[Openbsd.Hopm-NowWithInit]] . . . @2023-10-07T05:20:56Z by [[~Maddie]]: [=[Minor]: Cleaned ansible code for more efficency.=]%0a* [[C.Cprimer]] . . . @2023-10-05T18:57:29Z by [[~jrmu]]: [==]%0a* [[Tor.Hidden]] . . . @2023-10-04T18:19:36Z by [[~sylv1a]]: [=Add authorization section for hidden services=]%0a* [[Dns.TroubleshootingDNS]] . . . @2023-10-03T06:23:08Z by [[~jrmu]]: [==]%0a* [[Openbsd.Anope]] . . . @2023-10-03T02:51:27Z by [[~jrmu]]: [==]%0a* [[9.Ramfs]] . . . @2023-09-27T15:43:55Z by [[~jrmu]]: [==]%0a* [[Ngircd.Loginconf]] . . . @2023-09-22T14:40:06Z by [[~Yonle]]: [=Probably need some revertion.=]%0a* [[Hosting.Providers]] . . . @2023-09-12T04:58:26Z by [[~jrmu]]: [==]%0a* [[Got.Repo]] . . . @2023-09-10T23:25:41Z by [[~jrmu]]: [==]%0a* [[Ircnow.Roadmap2023]] . . . @2023-09-06T07:48:43Z by [[~jrmu]]: [==]%0a* [[9.9pideas]] . . . @2023-09-03T18:58:43Z by [[~jrmu]]: [==]%0a* [[9.9gridchan]] . . . @2023-09-03T06:16:25Z by [[~jrmu]]: [==]%0a* [[9.Acmemail]] . . . @2023-09-01T18:05:18Z by [[~jrmu]]: [==]%0a* [[9.Account]] . . . @2023-09-01T17:09:51Z by [[~zleap]]: [==]%0a* [[9.Date]] . . . @2023-09-01T13:46:05Z by [[~jrmu]]: [==]%0a* [[9.Shell]] . . . @2023-08-27T18:52:33Z by [[~jrmu]]: [==]%0a* [[9.Why9]] . . . @2023-08-25T17:15:16Z by [[~jrmu]]: [==]%0a* [[9.Splinternet]] . . . @2023-08-24T02:31:30Z by [[~jrmu]]: [==]%0a* [[9.PKI]] . . . @2023-08-23T19:47:46Z by [[~jrmu]]: [==]%0a* [[9.IP]] . . . @2023-08-23T00:12:14Z by [[~jrmu]]: [==]%0a* [[9.Inter9]] . . . @2023-08-23T00:11:11Z by [[~jrmu]]: [==]%0a* [[9.Irc]] . . . @2023-08-22T14:15:24Z by [[~xfnw]]: [=spelling=]%0a* [[9.Rcpu]] . . . @2023-08-21T17:21:54Z by [[~jrmu]]: [==]%0a* [[9.FNS]] . . . @2023-08-19T17:30:06Z by [[~jrmu]]: [==]%0a* [[9.PNS]] . . . @2023-08-19T17:05:01Z by [[~jrmu]]: [==]%0a* [[Shelllabs.Reading]] . . . @2023-08-17T18:18:38Z by [[~jrmu]]: [==]%0a* [[9C.Intro]] . . . @2023-08-15T22:57:20Z by [[~mkf]]: [==]%0a* [[Hw.X230]] . . . @2023-08-15T12:46:43Z by [[~mkf]]: [==]%0a* [[9.Reading]] . . . @2023-08-14T02:37:46Z by [[~jrmu]]: [==]%0a* [[Netcat.Irc]] . . . @2023-08-07T01:37:18Z by [[~xfnw]]: [=correct (unused) USER parameters=]%0a* [[Openbsd.Sysupgrade71]] . . . @2023-07-27T20:09:43Z by [[~xfnw]]: [=using both -U and -u at the same time is pointless=]%0a* [[Profiles.Yonle]] . . . @2023-07-17T15:08:57Z by [[~Yonle]]: [==]%0a* [[Openbsd.ZNCModules]] . . . @2023-07-16T20:56:32Z by [[~izzyb]]: [=Added links to more modules=]%0a* [[Pbug.Bio]] . . . @2023-07-08T13:53:57Z by [[~pbug]]: [==]%0a* [[Vmm.DebianIso]] . . . @2023-07-05T19:58:36Z by [[~TheLion]]: [==]%0a* [[Certbot.Nginx]] . . . @2023-07-04T13:58:54Z by [[~Yonle]]: [==]%0a* [[Pf.Vpn]] . . . @2023-07-04T05:59:40Z by [[~jrmu]]: [==]%0a* [[Ircnow.Perl]] . . . @2023-07-02T21:08:34Z by [[~izzyb]]: [==]%0a* [[Shelllabs.Manifesto]] . . . @2023-07-02T18:39:22Z by [[~jrmu]]: [==]%0a* [[Vpn.VpnIos]] . . . @2023-07-01T21:21:46Z by [[~jrmu]]: [==]%0a* [[Terms.Terms]] . . . @2023-06-30T14:35:54Z by [[~jrmu]]: [==]%0a* [[Team.Announce]] . . . @2023-06-29T23:11:19Z by [[~jrmu]]: [==]%0a* [[Openbsd.Orangepi3lts]] . . . @2023-06-12T00:06:06Z by [[~jrmu]]: [==]%0a* [[Openbsd.Xenodm]] . . . @2023-06-11T16:30:39Z by [[~Posterdati]]: [=OpenBSD, xorg, xenodm, monitors=]%0a* [[Team.Welcome]] . . . @2023-06-10T15:37:17Z by [[~jrmu]]: [==]%0a* [[Ircnow.Education]] . . . @2023-06-10T06:13:37Z by [[~jrmu]]: [==]%0a* [[DNS.RDNS]] . . . @2023-06-10T05:27:27Z by [[~jacobk]]: [=fix link to Ipv6rdns=]%0a* [[Ngircd.Sins]] . . . @2023-06-09T20:20:11Z by [[~jrmu]]: [==]%0a* [[Ngircd.Bugs]] . . . @2023-06-09T19:46:55Z by [[~jrmu]]: [==]%0a* [[Jujube.Jujube]] . . . @2023-06-08T21:38:47Z by [[~Naglfar]]: [=Update domain name=]%0a* [[Ikiwiki.Install]] . . . @2023-06-07T22:48:44Z by [[~jrmu]]: [==]%0a* [[Shell.Limits]] . . . @2023-06-06T20:12:08Z by [[~jrmu]]: [==]%0a* [[Openbsd.Hopm]] . . . @2023-06-06T05:52:47Z by [[~Yonle]]: [==]%0a* [[Freedom.Universal]] . . . @2023-05-31T19:02:56Z by [[~jrmu]]: [==]%0a* [[Openbsd.Gnost-relay]] . . . @2023-05-31T10:53:55Z by [[~Yonle]]: [=There's a reason why i connect to IPv6 instead of IPv4=]%0a* [[Tmux.Config]] . . . @2023-05-29T03:16:54Z by [[~izzyb]]: [=cleanup and added instructions for changing tmux hotkey from ^b:=]%0a* [[Got.RemoteRepo]] . . . @2023-05-28T04:26:48Z by [[~izzyb]]: [==]%0a* [[Freedom.Privacy]] . . . @2023-05-22T19:09:22Z by [[~jrmu]]: [==]%0a* [[Psotnic.Install]] . . . @2023-05-22T16:03:20Z by [[~devune]]: [==]%0a* [[Vmm.DevuanIso]] . . . @2023-05-21T18:54:36Z by [[~pbug]]: [==]%0a* [[Ngircd.Ircnow]] . . . @2023-05-19T21:54:04Z by [[~izzyb]]: [=Setup to match Ianj's version.=]%0a* [[NewsNow.NewsNow]] . . . @2023-05-18T12:51:42Z by [[~miniontoby]]: [==]%0a* [[Nsd.Masterslave]] . . . @2023-05-18T10:44:43Z by [[~Naglfar]]: [==]%0a* [[Botnow.Install]] . . . @2023-05-09T19:17:22Z by [[~izzyb]]: [=added bots tag=]%0a* [[Bouncer.Ircrc]] . . . @2023-05-09T04:40:42Z by [[~jrmu]]: [==]%0a* [[WikiTips.Cookbooks]] . . . @2023-05-04T21:30:21Z by [[~izzyb]]: [==]%0a* [[Openbsd.MlmmjWebArchiver]] . . . @2023-05-04T00:33:10Z by [[~izzyb]]: [=Added missing instructions for installing mhonarc=]%0a* [[Bots.Basicbot]] . . . @2023-04-30T21:47:44Z by [[~izzyb]]: [=fixed missing ; in my $mod={}=]%0a* [[Bots.BasicbotWiki]] . . . @2023-04-30T02:59:37Z by [[~izzyb]]: [=Initial post=]%0a* [[Openhttpd.Perl]] . . . @2023-04-29T22:38:05Z by [[~izzyb]]: [==]%0a* [[Perl101.Perl101]] . . . @2023-04-29T22:34:22Z by [[~izzyb]]: [==]%0a* [[Tmux.Tmux]] . . . @2023-04-29T21:32:15Z by [[~izzyb]]: [=Initial wikigroup page with pagelist and links to other related tools=]%0a* [[Hardware.Ps2]] . . . @2023-04-28T08:01:37Z by [[~mkf]]: [==]%0a* [[Hardware.Ethernet]] . . . @2023-04-26T04:23:15Z by [[~mkf]]: [=importing this new found information, thanks cinap.=]%0a* [[9.Cheatsheet]] . . . @2023-04-26T04:06:46Z by [[~jrmu]]: [==]%0a* [[Mutt.Connect]] . . . @2023-04-23T20:19:43Z by [[~jrmu]]: [==]%0a* [[WikiTips.GroupsTagsCategories]] . . . @2023-04-22T16:12:01Z by [[~izzyb]]: [==]%0a* [[WikiTips.WikiFormatting]] . . . @2023-04-22T06:27:30Z by [[~izzyb]]: [==]%0a* [[WikiTips.WikiGroups]] . . . @2023-04-22T06:04:14Z by [[~izzyb]]: [==]%0a* [[WikiTips.WikiTips]] . . . @2023-04-22T05:11:04Z by [[~izzyb]]: [==]%0a* [[WikiTips.InterMap]] . . . @2023-04-22T04:41:45Z by [[~izzyb]]: [=Tips for using interMap links to other data sources=]%0a* [[Cherry.Cherry]] . . . @2023-04-22T03:53:28Z by [[~izzyb]]: [==]%0a* [[Botnow.Botnow]] . . . @2023-04-22T02:20:54Z by [[~izzyb]]: [==]%0a* [[Bouncer.Irssi]] . . . @2023-04-22T00:51:13Z by [[~izzyb]]: [==]%0a* [[Bots.Translator]] . . . @2023-04-21T15:29:21Z by [[~forero]]: [==]%0a* [[Course-unix100.Course-unix100]] . . . @2023-04-21T04:08:32Z by [[~izzyb]]: [==]%0a* [[Sylpheed.Connect]] . . . @2023-04-20T06:21:36Z by [[~initfree]]: [==]%0a* [[Eggdrop191.Install]] . . . @2023-04-19T16:03:48Z by [[~jrmu]]: [=updated version number=]%0a* [[WikiTips.Markup]] . . . @2023-04-19T04:01:20Z by [[~izzyb]]: [=Added notes on markdown cookbook=]%0a* [[OpenSSH.Keygen]] . . . @2023-04-19T00:30:11Z by [[~izzyb]]: [=softened the language on setting a passphrase to 'should set' instead of 'always set'=]%0a* [[Password.Schemes]] . . . @2023-04-17T20:46:42Z by [[~izzyb]]: [==]%0a* [[Openbsd.KnownIssues]] . . . @2023-04-10T22:02:38Z by [[~izzyb]]: [==]%0a* [[Fics.Install]] . . . @2023-04-08T01:47:11Z by [[~jrmu]]: [==]%0a* [[Chess.Limitsbot]] . . . @2023-04-02T01:49:23Z by [[~jrmu]]: [==]%0a* [[Relayd.TLSMulti]] . . . @2023-03-31T14:16:54Z by [[~jrmu]]: [==]%0a* [[Chess.Tournament]] . . . @2023-03-28T00:50:21Z by [[~jrmu]]: [==]%0a* [[Bots.Bots]] . . . @2023-03-25T04:16:10Z by [[~izzyb]]: [==]%0a* [[Eggdrop.Eggdrop]] . . . @2023-03-25T04:12:34Z by [[~izzyb]]: [==]%0a* [[Eggdrop.DuckHunt]] . . . @2023-03-25T04:11:04Z by [[~izzyb]]: [==]%0a* [[Eggdrop.BotZNC]] . . . @2023-03-25T04:10:26Z by [[~izzyb]]: [==]%0a* [[Eggdrop184.Install]] . . . @2023-03-25T04:04:13Z by [[~izzyb]]: [==]%0a* [[Bots.Botnow]] . . . @2023-03-24T17:57:43Z by [[~izzyb]]: [=Added redirect link for botnow=]%0a* [[9.9p]] . . . @2023-03-23T12:00:13Z by [[~mkf]]: [==]%0a* [[Openbsd.Upgrade72]] . . . @2023-03-22T02:48:07Z by [[~izzyb]]: [=Simple stub to upgrade68=]%0a* [[Openbsd.Upgrade69]] . . . @2023-03-22T02:45:25Z by [[~izzyb]]: [==]%0a* [[Openbsd.Upgrade71]] . . . @2023-03-22T01:24:24Z by [[~izzyb]]: [==]%0a* [[Openbsd.Upgrade70]] . . . @2023-03-22T01:23:31Z by [[~izzyb]]: [==]%0a* [[Openbsd.Upgrade68]] . . . @2023-03-22T01:19:01Z by [[~izzyb]]: [=Added drop screen definitions and info re sysupgrade=]%0a* [[Terms.Privacy]] . . . @2023-03-21T20:09:01Z by [[~mkf]]: [==]%0a* [[Eggdrop.TCLErorrWhileExecutingPackage]] . . . @2023-03-21T03:01:23Z by [[~GuardiaN]]: [==]%0a* [[Xmpp.Xmpp]] . . . @2023-03-20T16:59:36Z by [[~izzyb]]: [==]%0a* [[Letsencrypt.Expired]] . . . @2023-03-19T03:46:41Z by [[~xfnw]]: [=add command for counting certs=]%0a* [[Hardware.Psp]] . . . @2023-03-16T18:44:50Z by [[~mkf]]: [==]%0a* [[Cloud9p.Roadmap]] . . . @2023-03-16T09:29:23Z by [[~mkf]]: [==]%0a* [[Pgp.Create]] . . . @2023-03-13T14:54:27Z by [[~baytuch]]: [=Added export pub key=]%0a* [[OpenBSD.Cheatsheet]] . . . @2023-03-12T09:52:16Z by [[~Yonle]]: [==]%0a* [[9front.Netsurf]] . . . @2023-03-10T15:08:21Z by [[~Yonle]]: [==]%0a* [[Dovecot.SharedMailboxes]] . . . @2023-03-10T14:16:57Z by [[~izzyb]]: [==]%0a* [[Squirrelmail.Install]] . . . @2023-03-10T00:33:25Z by [[~pos]]: [==]%0a* [[FreeIRC.About]] . . . March 05, 2023, at 03:51 PM by [[~kilroy]]: [==]%0a* [[Openbsd.OpenTracker]] . . . March 03, 2023, at 04:37 PM by [[~baytuch]]: [==]%0a* [[Oidentd.ZNC]] . . . February 28, 2023, at 02:34 AM by [[~jrmu]]: [==]%0a* [[Stagit.Install]] . . . February 26, 2023, at 05:24 PM by [[~fossdev]]: [==]%0a* [[Oidentd.Install]] . . . February 26, 2023, at 01:59 AM by [[~jrmu]]: [=Revert erroneous change=]%0a* [[Baytuch.Bio]] . . . February 17, 2023, at 12:00 PM by [[~baytuch]]: [==]%0a* [[Openbsd.Plermoa]] . . . February 16, 2023, at 04:52 AM by [[~Yonle]]: [=Redirect=]%0a* [[Akkoma.Install]] . . . February 09, 2023, at 12:49 PM by [[~Yonle]]: [==]%0a* [[Google.Sins]] . . . February 08, 2023, at 05:13 AM by [[~Yonle]]: [==]%0a* [[Debate.Googledanger]] . . . February 08, 2023, at 05:01 AM by [[~Yonle]]: [==]%0a* [[Debate.Outreachkids]] . . . February 08, 2023, at 04:34 AM by [[~Yonle]]: [==]%0a* [[Openbsd.Mosh]] . . . February 07, 2023, at 11:30 AM by [[~Yonle]]: [==]%0a* [[Route.Usage]] . . . February 06, 2023, at 02:38 PM by [[~mkf]]: [==]%0a* [[Mkf.Wikiv1]] . . . February 06, 2023, at 02:31 PM by [[~mkf]]: [==]%0a* [[Debate.Openweb]] . . . February 06, 2023, at 02:15 PM by [[~Yonle]]: [==]%0a* [[Debate.Youtubedanger]] . . . February 06, 2023, at 02:10 PM by [[~Yonle]]: [==]%0a* [[Paster.Install]] . . . February 06, 2023, at 10:22 AM by [[~mkf]]: [==]%0a* [[Anope.Install]] . . . February 06, 2023, at 09:46 AM by [[~mkf]]: [==]%0a* [[Password.Hashes]] . . . February 04, 2023, at 07:27 AM by [[~izzyb]]: [=formatting fixes=]%0a* [[Chess.Chessgogi]] . . . February 04, 2023, at 03:49 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Passwords]] . . . February 03, 2023, at 07:49 PM by [[~izzyb]]: [==]%0a* [[Password.Management]] . . . February 03, 2023, at 07:44 PM by [[~izzyb]]: [==]%0a* [[DNS.Ipv4rDNS]] . . . February 01, 2023, at 08:31 PM by [[~izzyb]]: [=added note to clarify what address needs to be specified.=]%0a* [[Dovecot.SharedFolders]] . . . January 31, 2023, at 06:03 AM by [[~izzyb]]: [=renaming to sharedMailboxes=]%0a* [[Soju.Install]] . . . January 24, 2023, at 11:29 AM by [[~mkf]]: [=minor changes on style=]%0a* [[Lilywhitebot.Install]] . . . January 24, 2023, at 11:23 AM by [[~mkf]]: [==]%0a* [[SendMoneyToSplinter0616Outlook.Com]] . . . January 24, 2023, at 11:19 AM by [[~mkf]]: [==]%0a* [[Biboumi.Install]] . . . January 20, 2023, at 08:10 PM by [[~mkf]]: [==]%0a* [[Texlive.Install]] . . . January 20, 2023, at 08:05 PM by [[~mkf]]: [==]%0a* [[Rcctl.Rcctl]] . . . January 20, 2023, at 08:00 PM by [[~mkf]]: [==]%0a* [[Hopm.Install]] . . . January 20, 2023, at 07:32 PM by [[~mkf]]: [==]%0a* [[Openbsd.Unrealircd]] . . . January 20, 2023, at 07:27 PM by [[~mkf]]: [==]%0a* [[Unrealircd.Install]] . . . January 20, 2023, at 07:24 PM by [[~mkf]]: [==]%0a* [[Pleroma.Install]] . . . January 20, 2023, at 07:18 PM by [[~mkf]]: [==]%0a* [[Gomuks.Install]] . . . January 20, 2023, at 07:08 PM by [[~mkf]]: [==]%0a* [[Gotweb.Install]] . . . January 20, 2023, at 07:02 PM by [[~mkf]]: [==]%0a* [[Webnews.Install]] . . . January 20, 2023, at 06:57 PM by [[~mkf]]: [==]%0a* [[Php.Install]] . . . January 20, 2023, at 06:52 PM by [[~mkf]]: [==]%0a* [[Mlmmj.Install]] . . . January 20, 2023, at 06:48 PM by [[~mkf]]: [==]%0a* [[Fiche.Install]] . . . January 20, 2023, at 06:44 PM by [[~mkf]]: [==]%0a* [[Prosody.Install]] . . . January 20, 2023, at 06:42 PM by [[~mkf]]: [==]%0a* [[Bitlbee.Install]] . . . January 20, 2023, at 06:36 PM by [[~mkf]]: [==]%0a* [[TigerVNC.Install]] . . . January 20, 2023, at 06:30 PM by [[~mkf]]: [==]%0a* [[NodeJS.Install]] . . . January 20, 2023, at 06:27 PM by [[~mkf]]: [==]%0a* [[Pmwiki.Install]] . . . January 20, 2023, at 06:19 PM by [[~mkf]]: [==]%0a* [[Xfce.Install]] . . . January 20, 2023, at 06:17 PM by [[~mkf]]: [==]%0a* [[Ngircd.Install]] . . . January 20, 2023, at 06:08 PM by [[~mkf]]: [==]%0a* [[Openbsd.Vipw]] . . . January 18, 2023, at 11:01 PM by [[~zen]]: [=added two spaces=]%0a* [[Grep.Usage]] . . . January 18, 2023, at 10:54 PM by [[~zen]]: [==]%0a* [[Team.Networks]] . . . January 12, 2023, at 06:36 PM by [[~kilroy]]: [=Updated Sturtz IRC=]%0a* [[Znc.Install]] . . . January 07, 2023, at 11:58 PM by [[~jrmu]]: [==]%0a* [[Rspamd.Configure]] . . . January 03, 2023, at 04:55 PM by [[~mkf]]: [==]%0a* [[Dovecot.Pigeonhole]] . . . December 30, 2022, at 04:24 PM by [[~mkf]]: [=style 2=]%0a* [[Openbsd.Quota]] . . . December 29, 2022, at 06:51 PM by [[~mkf]]: [==]%0a* [[Profiles.Miniontoby]] . . . December 26, 2022, at 07:26 PM by [[~miniontoby]]: [=Created=]%0a* [[Openbsd.Minetest]] . . . December 26, 2022, at 07:23 PM by [[~miniontoby]]: [=Added more ways to install=]%0a* [[Splinter0616Outlook.Com]] . . . December 25, 2022, at 02:37 AM by [[~SplinTer]]: [==]%0a* [[Ngircd.Oper]] . . . December 25, 2022, at 12:03 AM by [[~forero]]: [==]%0a* [[Openbsd.Honk]] . . . December 17, 2022, at 08:45 AM by [[~Yonle]]: [==]%0a* [[Yonle.Bio]] . . . December 13, 2022, at 05:18 PM by [[~Yonle]]: [==]%0a* [[Camping.Gear]] . . . December 12, 2022, at 04:39 AM by [[~jrmu]]: [==]%0a* [[Vhost.Vhost]] . . . December 12, 2022, at 03:36 AM by [[~xfnw]]: [==]%0a* [[Vhost.Ircnow]] . . . December 12, 2022, at 03:13 AM by [[~xfnw]]: [=ircfree.com is not an ircnow domain=]%0a* [[I2Pd.Tunnels]] . . . December 06, 2022, at 02:52 PM by [[~Yonle]]: [=There we go. =]%0a* [[I2pd.Tunnels]] . . . December 06, 2022, at 02:45 PM by [[~Yonle]]: [==]%0a* [[Unwind.Configure]] . . . November 26, 2022, at 09:23 PM by [[~akoizumi]]: [=add unwind=]%0a* [[Debian.Install]] . . . November 13, 2022, at 11:43 AM by [[~suzerain]]: [=writing=]%0a* [[Lemon.Lemon]] . . . November 10, 2022, at 01:48 PM by [[~mkf]]: [==]%0a* [[Bouncer.JmIRC]] . . . November 04, 2022, at 06:18 PM by [[~baytuch]]: [=Added screenshots about setup=]%0a* [[Bouncer.XChat]] . . . October 16, 2022, at 11:09 PM by [[~xfnw]]: [=XChat is unmaintained=]%0a* [[Eggdrop.VHost]] . . . October 02, 2022, at 01:05 PM by [[~sulieztya]]: [==]%0a* [[Eggdrop.VhostTCL]] . . . October 02, 2022, at 07:06 AM by [[~sulieztya]]: [==]%0a* [[He.IPv6Certification]] . . . September 16, 2022, at 05:32 PM by [[~xfnw]]: [=create page=]%0a* [[Shelllabs.Education]] . . . September 14, 2022, at 07:30 PM by [[~jrmu]]: [==]%0a* [[About.AboutUs]] . . . September 13, 2022, at 06:42 PM by [[~zleap]]: [==]%0a* [[LegalAndSafety.LegalAndSafety]] . . . September 13, 2022, at 05:19 PM by [[~zleap]]: [==]%0a* [[LegalAndSafety.LegalAmpSafety]] . . . September 13, 2022, at 05:17 PM by [[~zleap]]: [==]%0a* [[LegalAmpSafety.Subheading]] . . . September 13, 2022, at 05:15 PM by [[~zleap]]: [==]%0a* [[Acmesh.Configure]] . . . September 11, 2022, at 06:03 PM by [[~akoizumi]]: [=Added acme.sh (currently a WIP)=]%0a* [[Dehydrated.Configure]] . . . September 11, 2022, at 02:52 PM by [[~akoizumi]]: [=Add dehydrated=]%0a* [[Profiles.Izzyb]] . . . September 11, 2022, at 06:28 AM by [[~izzyb]]: [==]%0a* [[Site.EditForm]] . . . September 11, 2022, at 06:22 AM by [[~izzyb]]: [=Make Author none editable field=]%0a* [[Openbsd.Geomyidae]] . . . September 10, 2022, at 02:31 AM by [[~akoizumi]]: [==]%0a* [[Openbsd.INN]] . . . September 10, 2022, at 02:23 AM by [[~akoizumi]]: [=Fix some types=]%0a* [[Heading.Subheading]] . . . September 07, 2022, at 07:23 PM by [[~zleap]]: [==]%0a* [[Eggdrop193.Install]] . . . September 07, 2022, at 04:48 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Pioneer]] . . . August 14, 2022, at 05:06 AM by [[~jrmu]]: [==]%0a* [[Openbsd.VsFTP]] . . . August 10, 2022, at 03:18 PM by [[~mkf]]: [=snipped unneeded output=]%0a* [[C.Scanf]] . . . August 10, 2022, at 09:51 AM by [[~mkf]]: [==]%0a* [[Orange.CertsReissue]] . . . August 08, 2022, at 05:35 AM by [[~baytuch]]: [==]%0a* [[Pgp.Upload]] . . . August 01, 2022, at 01:21 PM by [[~jan6]]: [=keys.openpgp.org uses a superior implementation, less vulnerable to various issues=]%0a* [[Lemon.Packages]] . . . July 30, 2022, at 07:52 PM by [[~mkf]]: [==]%0a* [[Netizen.Ellisisland]] . . . July 27, 2022, at 07:05 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Newdeal]] . . . July 27, 2022, at 06:55 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Daughtersofliberty]] . . . July 27, 2022, at 06:45 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Womenstem]] . . . July 21, 2022, at 05:59 PM by [[~jrmu]]: [==]%0a* [[Eggdrop.RC]] . . . July 20, 2022, at 06:55 PM by [[~baytuch]]: [==]%0a* [[Opensmtpd.Troubleshoot]] . . . July 20, 2022, at 03:58 PM by [[~jlj]]: [=Added notes about how I resolved the first two errors, on nastycode=]%0a* [[Eggdrop.Nickserv]] . . . July 19, 2022, at 10:05 AM by [[~baytuch]]: [==]%0a* [[Iked.Linuxstrongswan]] . . . July 03, 2022, at 11:29 PM by [[~jrmu]]: [==]%0a* [[Acme-client.AutoRenew]] . . . July 03, 2022, at 11:50 AM by [[~mkf]]: [==]%0a* [[Openbsd.Apmd]] . . . July 03, 2022, at 11:36 AM by [[~mkf]]: [==]%0a* [[Ircnow.Roadmap2022]] . . . July 03, 2022, at 11:04 AM by [[~mkf]]: [==]%0a* [[Vpn.Myipaddress]] . . . June 30, 2022, at 09:51 PM by [[~jrmu]]: [==]%0a* [[Unbound.Blacklists]] . . . June 25, 2022, at 06:02 AM by [[~jrmu]]: [==]%0a* [[Iked.Linux]] . . . June 23, 2022, at 07:10 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Nsf]] . . . June 20, 2022, at 05:05 PM by [[~jrmu]]: [==]%0a* [[Debate.Debate]] . . . June 19, 2022, at 04:12 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Metrics]] . . . June 19, 2022, at 04:12 PM by [[~jrmu]]: [==]%0a* [[Dns.Records]] . . . June 19, 2022, at 05:44 AM by [[~jrmu]]: [==]%0a* [[Vmm.Alpine]] . . . June 13, 2022, at 05:42 PM by [[~fossdev]]: [==]%0a* [[Vmm.Arch]] . . . June 12, 2022, at 04:11 PM by [[~g1n]]: [=Added article about Arch Linux setup on VMM=]%0a* [[Unveil.Intro]] . . . June 12, 2022, at 12:40 AM by [[~jrmu]]: [==]%0a* [[Pledge.Intro]] . . . June 12, 2022, at 12:39 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Bsdrd]] . . . June 09, 2022, at 07:17 AM by [[~jrmu]]: [==]%0a* [[Vnc.Vnc]] . . . June 08, 2022, at 04:04 PM by [[~miniontoby]]: [=Added RealVNC Viewer to the list (might need some more extra stuff, but yeah its fine)=]%0a* [[Openbsd.Growfs]] . . . June 01, 2022, at 12:34 AM by [[~jrmu]]: [==]%0a* [[Hostnameif.Static-v2]] . . . May 23, 2022, at 06:29 AM by [[~theguest]]: [==]%0a* [[Grape.Minetest]] . . . May 10, 2022, at 10:48 AM by [[~baytuch]]: [==]%0a* [[Irc.Emoji]] . . . May 10, 2022, at 10:23 AM by [[~baytuch]]: [==]%0a* [[Openbsd.Nsd]] . . . May 10, 2022, at 12:33 AM by [[~jrmu]]: [==]%0a* [[Opsofliberty.Bootcamp]] . . . May 09, 2022, at 08:38 AM by [[~mkf]]: [==]%0a* [[Openbsd.Ports]] . . . May 09, 2022, at 05:54 AM by [[~mkf]]: [==]%0a* [[Ngircd.Ssl]] . . . May 08, 2022, at 03:30 PM by [[~miniontoby]]: [=fixed the text=]%0a* [[Codeforce.Training]] . . . May 03, 2022, at 03:02 AM by [[~jrmu]]: [==]%0a* [[Civics.Intro]] . . . May 03, 2022, at 01:06 AM by [[~jrmu]]: [==]%0a* [[OpenBSD.EdgeRouter-Lite]] . . . April 28, 2022, at 02:50 PM by [[~pufferf]]: [==]%0a* [[Math.Reading]] . . . April 27, 2022, at 08:23 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install71]] . . . April 24, 2022, at 09:55 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Botnow]] . . . April 24, 2022, at 06:14 AM by [[~jrmu]]: [==]%0a* [[Buyvm.Ipv6]] . . . April 24, 2022, at 06:10 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.Rss]] . . . April 23, 2022, at 04:20 PM by [[~jrmu]]: [==]%0a* [[Team.Testing]] . . . April 20, 2022, at 09:45 PM by [[~jrmu]]: [==]%0a* [[Dns.Registrars]] . . . April 20, 2022, at 09:30 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Gopher]] . . . April 20, 2022, at 08:29 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Adduser]] . . . April 20, 2022, at 08:07 PM by [[~jrmu]]: [==]%0a* [[Signify.Verify]] . . . April 20, 2022, at 06:24 PM by [[~jrmu]]: [==]%0a* [[Almanack.Route]] . . . April 20, 2022, at 06:23 AM by [[~jrmu]]: [==]%0a* [[Ntpd.Configure]] . . . April 20, 2022, at 06:17 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ntpd]] . . . April 20, 2022, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmmlinux]] . . . April 20, 2022, at 05:33 AM by [[~jrmu]]: [==]%0a* [[Vmm.Linux]] . . . April 20, 2022, at 05:33 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Iked]] . . . April 20, 2022, at 05:16 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Team]] . . . April 20, 2022, at 04:54 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Networks]] . . . April 19, 2022, at 04:22 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Announce]] . . . April 19, 2022, at 04:14 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Ally]] . . . April 19, 2022, at 04:11 PM by [[~jrmu]]: [==]%0a* [[Openhttpd.Chroot]] . . . April 19, 2022, at 04:05 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install70]] . . . April 19, 2022, at 06:52 AM by [[~jrmu]]: [==]%0a* [[CodeForce.Bootcamp]] . . . April 19, 2022, at 06:29 AM by [[~jrmu]]: [==]%0a* [[Vmm.Vmm]] . . . April 15, 2022, at 12:20 PM by [[~Naglfar]]: [=Update: report from PiRATA=]%0a* [[Minutemin.Minutemin]] . . . April 06, 2022, at 02:55 AM by [[~jrmu]]: [==]%0a* [[Openhttpd.CGI]] . . . April 05, 2022, at 04:22 PM by [[~gtlsgamr]]: [==]%0a* [[Openbsd.Censord]] . . . April 05, 2022, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dns]] . . . April 05, 2022, at 05:24 AM by [[~jrmu]]: [==]%0a* [[Debate.Zncflaws]] . . . April 05, 2022, at 05:18 AM by [[~jrmu]]: [==]%0a* [[Debate.Debiandanger]] . . . April 04, 2022, at 04:30 AM by [[~jrmu]]: [==]%0a* [[Soju.Guide]] . . . April 02, 2022, at 03:46 PM by [[~Yonle]]: [==]%0a* [[Nitter.Install]] . . . April 02, 2022, at 01:08 AM by [[~fallback]]: [=first nitter install page=]%0a* [[Debiankaios.Bio]] . . . April 01, 2022, at 05:10 PM by [[~debiankaios]]: [==]%0a* [[Chess.Reading]] . . . March 29, 2022, at 10:02 PM by [[~jrmu]]: [==]%0a* [[Irc.Services]] . . . March 25, 2022, at 04:29 AM by [[~jrmu]]: [==]%0a* [[Syslogd.Configure]] . . . March 25, 2022, at 04:07 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ddos]] . . . March 24, 2022, at 04:22 PM by [[~jrmu]]: [==]%0a* [[Ddos.Intro]] . . . March 24, 2022, at 04:22 PM by [[~jrmu]]: [==]%0a* [[Bouncer.ZNC]] . . . March 19, 2022, at 07:31 AM by [[~fallback]]: [==]%0a* [[ISCABBS.DownloadingAndInstalling]] . . . March 15, 2022, at 10:42 PM by [[~Mandarax]]: [==]%0a* [[ISCABBS.ISCABBS]] . . . March 15, 2022, at 09:24 PM by [[~Mandarax]]: [==]%0a* [[Unix.History]] . . . March 14, 2022, at 06:07 PM by [[~jrmu]]: [==]%0a* [[Unix.Exhibit]] . . . March 13, 2022, at 11:37 PM by [[~jrmu]]: [==]%0a* [[Debate.Dogfooding]] . . . March 10, 2022, at 05:14 AM by [[~jrmu]]: [==]%0a* [[Doxing.Defense]] . . . March 05, 2022, at 08:54 PM by [[~jrmu]]: [==]%0a* [[Mlmmj-archivist.Install]] . . . March 03, 2022, at 05:26 AM by [[~error]]: [==]%0a* [[Openbsd.IRCBridge]] . . . February 28, 2022, at 02:59 AM by [[~suzerain]]: [==]%0a* [[Unix101.Vi]] . . . February 27, 2022, at 08:16 PM by [[~jrmu]]: [==]%0a* [[Vi.Intro]] . . . February 27, 2022, at 04:16 PM by [[~Limits]]: [=Add Introduction to Vi=]%0a* [[Irc201.Irc201]] . . . February 27, 2022, at 04:21 AM by [[~suzerain]]: [==]%0a* [[9.Ideas]] . . . February 23, 2022, at 05:19 PM by [[~mkf]]: [==]%0a* [[Main.WikiSandbox]] . . . February 22, 2022, at 11:05 PM by [[~mkf]]: [==]%0a* [[Openbsd.Wesnothd]] . . . February 21, 2022, at 06:28 AM by [[~mkf]]: [=Wesnothd=]%0a* [[9.Audio]] . . . February 20, 2022, at 08:07 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Xonotic]] . . . February 20, 2022, at 07:43 AM by [[~mkf]]: [=A xonotic server has apperad! pt.2=]%0a* [[PuTTY.PuTTYgen]] . . . February 16, 2022, at 05:24 AM by [[~jrmu]]: [==]%0a* [[Debate.Ircnowd]] . . . February 14, 2022, at 06:24 PM by [[~jrmu]]: [==]%0a* [[Stopm.Stopm]] . . . February 14, 2022, at 06:16 PM by [[~jrmu]]: [==]%0a* [[Police.Fingerprints]] . . . February 12, 2022, at 02:09 PM by [[~xfnw]]: [=ip addresses should be sorted with sort -V=]%0a* [[Openbsd.Police]] . . . February 10, 2022, at 07:36 PM by [[~jrmu]]: [==]%0a* [[Dns.Dns]] . . . February 10, 2022, at 07:39 AM by [[~nixdork]]: [=Fix typo=]%0a* [[Dns.BindResolver]] . . . February 10, 2022, at 07:30 AM by [[~nixdork]]: [=First draft of bind resolver howto=]%0a* [[Botnow.SqliteViews]] . . . February 10, 2022, at 02:00 AM by [[~xfnw]]: [==]%0a* [[AncientWisdom.Bio]] . . . February 07, 2022, at 01:18 PM by [[~AncientWisdom]]: [==]%0a* [[Minutemin.Server]] . . . February 05, 2022, at 08:14 AM by [[~jrmu]]: [==]%0a* [[Vmm.SlackwareIso]] . . . February 03, 2022, at 10:53 PM by [[~Naglfar]]: [=Slackware 15.0 x86 stable is released=]%0a* [[Duplicity.Usage]] . . . February 02, 2022, at 10:31 AM by [[~jrmu]]: [==]%0a* [[Openssl.Encryptfile]] . . . February 02, 2022, at 09:29 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Tcpip]] . . . January 24, 2022, at 05:45 PM by [[~jrmu]]: [==]%0a* [[Synclient.Configure]] . . . January 24, 2022, at 06:02 AM by [[~jrmu]]: [==]%0a* [[9.Install]] . . . January 22, 2022, at 06:57 AM by [[~mkf]]: [==]%0a* [[Asterisk.Install]] . . . January 19, 2022, at 05:34 AM by [[~jrmu]]: [==]%0a* [[9.Ndb]] . . . January 16, 2022, at 06:46 PM by [[~mkf]]: [==]%0a* [[Openbsd.U9fs]] . . . January 16, 2022, at 06:23 PM by [[~mkf]]: [==]%0a* [[Dns.FQDN]] . . . January 15, 2022, at 10:16 PM by [[~jrmu]]: [==]%0a* [[Nsd.DNSSec]] . . . January 14, 2022, at 02:53 AM by [[~pyr3x]]: [==]%0a* [[Openbsd.Locale]] . . . January 12, 2022, at 01:23 PM by [[~baytuch]]: [==]%0a* [[Ksh.Autocomplete]] . . . January 11, 2022, at 01:44 PM by [[~miniontoby]]: [=updated url=]%0a* [[Gpg.Verify]] . . . January 08, 2022, at 09:48 PM by [[~Naglfar]]: [=Add description=]%0a* [[Mlmmj.Archive]] . . . January 06, 2022, at 10:52 PM by [[~Hawk]]: [==]%0a* [[9.Hostowner]] . . . January 06, 2022, at 11:29 AM by [[~mkf]]: [==]%0a* [[Ircnow.Dogfood]] . . . January 06, 2022, at 08:48 AM by [[~jrmu]]: [==]%0a* [[9.Chording]] . . . January 03, 2022, at 02:40 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Status]] . . . January 03, 2022, at 06:06 AM by [[~jrmu]]: [==]%0a* [[Census.Census]] . . . January 02, 2022, at 11:27 AM by [[~jrmu]]: [==]%0a* [[Bncnow.Bncnow]] . . . January 02, 2022, at 11:18 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Projects]] . . . January 02, 2022, at 11:09 AM by [[~jrmu]]: [==]%0a* [[Ircfs.Intro]] . . . January 02, 2022, at 10:49 AM by [[~jrmu]]: [==]%0a* [[Ircnowd.Ircnowd]] . . . January 02, 2022, at 06:32 AM by [[~jrmu]]: [==]%0a* [[Marketing.Marketing]] . . . January 02, 2022, at 06:20 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Sonsofliberty]] . . . January 02, 2022, at 06:06 AM by [[~jrmu]]: [==]%0a* [[Pkgadd.CheckUpdates]] . . . January 01, 2022, at 04:29 AM by [[~pyr3x]]: [==]%0a* [[Ircnow.Roadmap2021]] . . . December 30, 2021, at 06:31 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Sftp]] . . . December 30, 2021, at 06:01 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Status2022]] . . . December 30, 2021, at 05:35 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.UTF8]] . . . December 28, 2021, at 08:21 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Uim]] . . . December 26, 2021, at 01:45 AM by [[~jrmu]]: [==]%0a* [[Sshwifty.Install]] . . . December 23, 2021, at 02:49 PM by [[~miniontoby]]: [=created=]%0a* [[Nsd.Zone]] . . . December 23, 2021, at 10:33 AM by [[~jrmu]]: [==]%0a* [[OpenSSH.RSAkeys]] . . . December 22, 2021, at 03:18 PM by [[~miniontoby]]: [==]%0a* [[Openbsd.Wifi]] . . . December 22, 2021, at 02:59 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Recordaudio]] . . . December 22, 2021, at 01:24 PM by [[~jrmu]]: [==]%0a* [[9.9]] . . . December 22, 2021, at 11:30 AM by [[~xfnw]]: [=fix some grammatical errors=]%0a* [[Parec.Record]] . . . December 22, 2021, at 07:02 AM by [[~jrmu]]: [==]%0a* [[Sox.Concat]] . . . December 22, 2021, at 07:01 AM by [[~jrmu]]: [==]%0a* [[Ffmpeg.Recordscreen]] . . . December 22, 2021, at 07:00 AM by [[~jrmu]]: [==]%0a* [[JuiceSSH.Connect]] . . . December 20, 2021, at 01:03 PM by [[~jrmu]]: [==]%0a* [[9.Independent]] . . . December 20, 2021, at 12:47 PM by [[~jrmu]]: [==]%0a* [[MacScreenSharing.Connect]] . . . December 20, 2021, at 11:57 AM by [[~jrmu]]: [==]%0a* [[9.Partdisk]] . . . December 20, 2021, at 11:39 AM by [[~jrmu]]: [==]%0a* [[Got.Usage]] . . . December 17, 2021, at 04:44 PM by [[~jrmu]]: [==]%0a* [[Irc.Federation]] . . . December 17, 2021, at 02:03 PM by [[~jrmu]]: [==]%0a* [[Irc.Chanop]] . . . December 14, 2021, at 04:58 AM by [[~mkf]]: [==]%0a* [[9.Todo]] . . . December 03, 2021, at 07:52 PM by [[~mkf]]: [==]%0a* [[Pylink.Chroot]] . . . December 02, 2021, at 02:03 PM by [[~jrmu]]: [==]%0a* [[Pylink.Install]] . . . December 02, 2021, at 02:02 PM by [[~jrmu]]: [==]%0a* [[Jrmu.Marriage]] . . . December 02, 2021, at 06:09 AM by [[~jrmu]]: [==]%0a* [[Hosting.Hosting]] . . . December 01, 2021, at 02:01 PM by [[~jrmu]]: [==]%0a* [[Mc.Usage]] . . . November 29, 2021, at 07:53 PM by [[~mkf]]: [==]%0a* [[PuTTY.Connect]] . . . November 29, 2021, at 12:13 PM by [[~jrmu]]: [==]%0a* [[Texlive.Sinhala]] . . . November 28, 2021, at 06:35 AM by [[~jrmu]]: [==]%0a* [[MailWindows.Connect]] . . . November 27, 2021, at 03:12 PM by [[~jrmu]]: [==]%0a* [[Gajim.Biboumi]] . . . November 27, 2021, at 01:02 PM by [[~jrmu]]: [==]%0a* [[Mcabber.Connect]] . . . November 26, 2021, at 01:38 PM by [[~jrmu]]: [==]%0a* [[ChatSecure.Connect]] . . . November 26, 2021, at 11:36 AM by [[~jrmu]]: [==]%0a* [[9.9pfs]] . . . November 24, 2021, at 02:00 PM by [[~mkf]]: [==]%0a* [[Vmm.DebianInstall]] . . . November 24, 2021, at 11:44 AM by [[~nicoz]]: [==]%0a* [[Siskin.Connect]] . . . November 23, 2021, at 04:38 PM by [[~jrmu]]: [==]%0a* [[Dino.Connect]] . . . November 23, 2021, at 02:10 PM by [[~mkf]]: [==]%0a* [[Monal.Connect]] . . . November 23, 2021, at 10:32 AM by [[~jrmu]]: [==]%0a* [[Xabber.Connect]] . . . November 23, 2021, at 10:20 AM by [[~jrmu]]: [==]%0a* [[DNS.DMARC]] . . . November 22, 2021, at 10:52 PM by [[~Hawk]]: [==]%0a* [[StorkIM.Connect]] . . . November 21, 2021, at 05:03 AM by [[~jrmu]]: [==]%0a* [[Conversations.Connect]] . . . November 20, 2021, at 05:37 PM by [[~jrmu]]: [==]%0a* [[Yaxim.Connect]] . . . November 20, 2021, at 05:09 PM by [[~jrmu]]: [==]%0a* [[Adium.Connect]] . . . November 20, 2021, at 07:32 AM by [[~jrmu]]: [==]%0a* [[Vmm.AlmaLinux]] . . . November 20, 2021, at 06:47 AM by [[~dodocrypto]]: [==]%0a* [[Psi.Connect]] . . . November 17, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[Pidgin.Connect]] . . . November 17, 2021, at 10:18 AM by [[~jrmu]]: [==]%0a* [[Gajim.Connect]] . . . November 17, 2021, at 08:01 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Training]] . . . November 16, 2021, at 03:30 PM by [[~Hawk]]: [==]%0a* [[Opera.Connect]] . . . November 16, 2021, at 12:12 AM by [[~wiz]]: [==]%0a* [[0dev.0dev]] . . . November 12, 2021, at 03:00 AM by [[~dodocrypto]]: [==]%0a* [[Vmm.RockyLinux]] . . . November 11, 2021, at 10:51 AM by [[~dodocrypto]]: [==]%0a* [[Opensmtpd.Openrelay]] . . . November 11, 2021, at 10:37 AM by [[~mkf]]: [==]%0a* [[Sandbox.0dev]] . . . November 11, 2021, at 01:45 AM by [[~dodocrypto]]: [==]%0a* [[Got.Mirror]] . . . November 07, 2021, at 05:22 PM by [[~jrmu]]: [==]%0a* [[Vpn.OpenIKED]] . . . November 07, 2021, at 03:45 PM by [[~gloNO]]: [==]%0a* [[Openbsd.Got]] . . . November 07, 2021, at 03:16 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Opsofliberty]] . . . November 06, 2021, at 05:15 PM by [[~jrmu]]: [==]%0a* [[Emacs.Emacs]] . . . November 06, 2021, at 04:39 PM by [[~LohanG]]: [==]%0a* [[ZNC.Support]] . . . November 06, 2021, at 03:53 PM by [[~LohanG]]: [=added libera=]%0a* [[9.Stone]] . . . November 04, 2021, at 04:09 PM by [[~meeekeeef]]: [==]%0a* [[9.Zuke]] . . . November 04, 2021, at 04:01 PM by [[~meeekeeef]]: [==]%0a* [[Znc.Relayd]] . . . November 03, 2021, at 10:18 AM by [[~jrmu]]: [==]%0a* [[Znc.Debug]] . . . November 02, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[Znc.Usage]] . . . November 02, 2021, at 03:09 PM by [[~jrmu]]: [==]%0a* [[Almanack.Rewrite]] . . . October 31, 2021, at 10:30 PM by [[~hydragyrum]]: [==]%0a* [[9.Sysupdate]] . . . October 31, 2021, at 10:21 PM by [[~meeekeeef]]: [==]%0a* [[Debian.Debian]] . . . October 31, 2021, at 12:34 PM by [[~monaco]]: [==]%0a* [[Ircnow.Victorycpus]] . . . October 30, 2021, at 08:17 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Settler]] . . . October 29, 2021, at 04:03 PM by [[~jrmu]]: [==]%0a* [[Debian.Nginxphpfpm]] . . . October 29, 2021, at 12:26 PM by [[~monaco]]: [==]%0a* [[Debian.Nginx]] . . . October 29, 2021, at 12:18 PM by [[~monaco]]: [==]%0a* [[Vmm.Homerouter]] . . . October 26, 2021, at 05:08 PM by [[~jrmu]]: [==]%0a* [[9.Netcat]] . . . October 25, 2021, at 03:40 PM by [[~jrmu]]: [==]%0a* [[9.Plan9ini]] . . . October 24, 2021, at 04:30 PM by [[~jrmu]]: [==]%0a* [[Iked.Newconfig]] . . . October 24, 2021, at 03:49 PM by [[~tool]]: [==]%0a* [[Lua.Minetest-1]] . . . October 24, 2021, at 10:30 AM by [[~debiankaios]]: [==]%0a* [[9.Links]] . . . October 24, 2021, at 06:29 AM by [[~mkf]]: [==]%0a* [[9.Keybindings]] . . . October 24, 2021, at 06:15 AM by [[~mkf]]: [=heheheheheh=]%0a* [[Xdefaults.Configure]] . . . October 23, 2021, at 02:40 PM by [[~jrmu]]: [==]%0a* [[TigerVNC.SSH]] . . . October 23, 2021, at 11:56 AM by [[~Hawk]]: [==]%0a* [[9.Ssh]] . . . October 22, 2021, at 12:54 AM by [[~jrmu]]: [==]%0a* [[Vmm.Devuan4Iso]] . . . October 21, 2021, at 04:29 PM by [[~debiankaios]]: [=changed beowulf_3.1.1 to chimaera_4.0.0=]%0a* [[9.101]] . . . October 20, 2021, at 04:53 PM by [[~jrmu]]: [==]%0a* [[Fvwm.Configure]] . . . October 18, 2021, at 10:20 AM by [[~jrmu]]: [==]%0a* [[KISSmo.KISSmo]] . . . October 18, 2021, at 09:58 AM by [[~monaco]]: [==]%0a* [[KISSmo.Download]] . . . October 18, 2021, at 09:53 AM by [[~monaco]]: [==]%0a* [[KISSmo.About]] . . . October 18, 2021, at 09:52 AM by [[~monaco]]: [==]%0a* [[KISSmo.Install]] . . . October 18, 2021, at 09:44 AM by [[~monaco]]: [==]%0a* [[Cvs.Repo]] . . . October 17, 2021, at 08:32 AM by [[~jrmu]]: [==]%0a* [[Cvs.Anoncvs]] . . . October 17, 2021, at 04:00 AM by [[~jrmu]]: [==]%0a* [[Cvs.Commit]] . . . October 17, 2021, at 03:58 AM by [[~jrmu]]: [==]%0a* [[Cvs.Cvsweb]] . . . October 17, 2021, at 03:28 AM by [[~jrmu]]: [==]%0a* [[9.Cvsfs]] . . . October 15, 2021, at 12:58 PM by [[~mkf]]: [==]%0a* [[Openbsd.Sysupgrade70]] . . . October 15, 2021, at 11:02 AM by [[~mkf]]: [=humans are easily confused.=]%0a* [[Openbsd.Ilines]] . . . October 15, 2021, at 02:36 AM by [[~jrmu]]: [==]%0a* [[Vmm.Devuan-ISO]] . . . October 14, 2021, at 09:50 AM by [[~siva]]: [==]%0a* [[Vmm.Devuan-Simple]] . . . October 14, 2021, at 09:48 AM by [[~siva]]: [=Tutorial Created=]%0a* [[Cvs.Intro]] . . . October 13, 2021, at 03:49 PM by [[~jrmu]]: [==]%0a* [[Synapse.Install]] . . . October 12, 2021, at 02:49 PM by [[~miniontoby]]: [=Created=]%0a* [[Ircnow.Oper]] . . . October 12, 2021, at 03:02 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Diversity]] . . . October 09, 2021, at 02:56 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Linux]] . . . October 08, 2021, at 04:51 AM by [[~jrmu]]: [==]%0a* [[OpenBSD.ResetPassword]] . . . October 07, 2021, at 03:56 AM by [[~jrmu]]: [==]%0a* [[Terms.Vps]] . . . October 06, 2021, at 12:30 AM by [[~jrmu]]: [==]%0a* [[9.JSDrawterm]] . . . September 30, 2021, at 06:06 PM by [[~jrmu]]: [==]%0a* [[9.Fonts]] . . . September 28, 2021, at 05:13 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install69]] . . . September 27, 2021, at 05:59 PM by [[~jrmu]]: [==]%0a* [[Cvs.Guide]] . . . September 26, 2021, at 02:28 PM by [[~Miniontoby]]: [==]%0a* [[License.IrcnowV2]] . . . September 21, 2021, at 03:53 AM by [[~jrmu]]: [==]%0a* [[Vmm.Router]] . . . September 14, 2021, at 12:11 PM by [[~jrmu]]: [==]%0a* [[Weechat.Relay]] . . . September 11, 2021, at 05:46 PM by [[~mkf]]: [==]%0a* [[Gry.Bio]] . . . September 11, 2021, at 02:49 AM by [[~jrmu]]: [==]%0a* [[Hopm.Telnet]] . . . September 10, 2021, at 06:13 AM by [[~mkf]]: [==]%0a* [[Wraith.Chroot]] . . . September 10, 2021, at 06:11 AM by [[~mkf]]: [==]%0a* [[ZNC.Skins]] . . . September 06, 2021, at 07:58 AM by [[~mkf]]: [="Huh, pmwiki has a bug." no numbered list if use monospaced text. :(=]%0a* [[Seamonkey.Connect]] . . . August 28, 2021, at 01:05 PM by [[~mkf]]: [==]%0a* [[Debate.Wikistyle]] . . . August 27, 2021, at 03:29 PM by [[~mkf]]: [==]%0a* [[Email.EmailAndroidEmailApp]] . . . August 27, 2021, at 02:37 PM by [[~mkf]]: [==]%0a* [[Tmux.Shortcuts]] . . . August 27, 2021, at 12:56 PM by [[~mkf]]: [==]%0a* [[Vmm.Haiku]] . . . August 27, 2021, at 12:53 PM by [[~mkf]]: [==]%0a* [[Openbsd.Mailopenproxy]] . . . August 25, 2021, at 08:19 PM by [[~mkf]]: [==]%0a* [[Openbsd.Two-FactorAuth]] . . . August 23, 2021, at 07:39 PM by [[~mkf]]: [=login.db compiling is no longer recommended.=]%0a* [[Vmm.DragonflyBSD]] . . . August 23, 2021, at 07:31 PM by [[~mkf]]: [=logs=]%0a* [[Vmm.NetBSD]] . . . August 23, 2021, at 07:01 PM by [[~mkf]]: [=better logs?=]%0a* [[DNS.Ipv6rDNS]] . . . August 23, 2021, at 11:55 AM by [[~jrmu]]: [==]%0a* [[Pipes.Redirection]] . . . August 23, 2021, at 03:50 AM by [[~jrmu]]: [==]%0a* [[Ksh.Redirection]] . . . August 23, 2021, at 03:50 AM by [[~jrmu]]: [==]%0a* [[Rbldnsd.Install]] . . . August 22, 2021, at 07:58 PM by [[~mkf]]: [=wiki-ish.=]%0a* [[Netcat.Smtp]] . . . August 22, 2021, at 06:58 PM by [[~mkf]]: [=byebye=]%0a* [[Openbsd.Npppd]] . . . August 21, 2021, at 01:43 PM by [[~mkf]]: [==]%0a* [[Shell.Shell]] . . . August 21, 2021, at 11:42 AM by [[~jrmu]]: [==]%0a* [[Tls.CA]] . . . August 21, 2021, at 11:10 AM by [[~jrmu]]: [==]%0a* [[Openssl.Imap]] . . . August 21, 2021, at 04:05 AM by [[~AncientWisdom]]: [==]%0a* [[Ircnow.Todo]] . . . August 17, 2021, at 08:41 AM by [[~mkf]]: [==]%0a* [[Vmm.GuixIso]] . . . August 16, 2021, at 05:12 PM by [[~jrmu]]: [==]%0a* [[Vmm.VoidIso]] . . . August 16, 2021, at 06:19 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Gophernicus]] . . . August 15, 2021, at 02:06 AM by [[~mkf]]: [==]%0a* [[Gazette.Gazette]] . . . August 15, 2021, at 01:14 AM by [[~mkf]]: [=a bit polishing=]%0a* [[EmailTray.Connect]] . . . August 15, 2021, at 12:11 AM by [[~mkf]]: [==]%0a* [[Bouncer.Konversation]] . . . August 14, 2021, at 02:46 PM by [[~mkf]]: [==]%0a* [[Squirrelmail.Connect]] . . . August 14, 2021, at 04:47 AM by [[~mkf]]: [==]%0a* [[Termius.Connect]] . . . August 14, 2021, at 04:42 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Openhttpd]] . . . August 13, 2021, at 07:29 AM by [[~jrmu]]: [==]%0a* [[ConnectBot.Keys]] . . . August 12, 2021, at 06:58 AM by [[~jrmu]]: [==]%0a* [[Debate.Monopolydanger]] . . . August 11, 2021, at 07:01 PM by [[~mkf]]: [==]%0a* [[ConnectBot.Connect]] . . . August 11, 2021, at 04:34 PM by [[~jrmu]]: [==]%0a* [[Termux.Connect]] . . . August 11, 2021, at 05:28 AM by [[~jrmu]]: [==]%0a* [[Web101.Web101]] . . . August 10, 2021, at 04:20 PM by [[~craziness]]: [=started web101=]%0a* [[Openbsd.Pppoe]] . . . August 10, 2021, at 11:56 AM by [[~mkf]]: [==]%0a* [[MacTerminal.Connect]] . . . August 10, 2021, at 10:33 AM by [[~jrmu]]: [==]%0a* [[Fdroid.Install]] . . . August 10, 2021, at 09:05 AM by [[~jrmu]]: [==]%0a* [[Shell.Sshfingerprints]] . . . August 10, 2021, at 08:55 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Sshkeys]] . . . August 09, 2021, at 04:42 PM by [[~jrmu]]: [==]%0a* [[Vmm.9front]] . . . August 09, 2021, at 06:16 AM by [[~mkf]]: [==]%0a* [[Bouncer.WinIRC]] . . . August 09, 2021, at 06:03 AM by [[~mkf]]: [==]%0a* [[SerFISH.Connect]] . . . August 06, 2021, at 05:05 PM by [[~jrmu]]: [==]%0a* [[Sshwifty.Connect]] . . . August 06, 2021, at 05:00 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Squirrelmail]] . . . August 06, 2021, at 10:32 AM by [[~baytuch]]: [==]%0a* [[Eggdrop.NickServ]] . . . August 05, 2021, at 07:27 AM by [[~jrmu]]: [==]%0a* [[Medals.Intro]] . . . August 04, 2021, at 08:34 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dnszones]] . . . August 03, 2021, at 09:26 AM by [[~jrmu]]: [==]%0a* [[Dns.Zonefile]] . . . August 03, 2021, at 09:21 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Ifconfig]] . . . August 02, 2021, at 12:59 PM by [[~mkf]]: [==]%0a* [[Openbsd.Matterbridge]] . . . August 02, 2021, at 12:33 PM by [[~mkf]]: [==]%0a* [[Znc.I18n]] . . . August 02, 2021, at 09:12 AM by [[~mkf]]: [==]%0a* [[Almanack.Alt]] . . . August 02, 2021, at 07:52 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.Simple]] . . . August 02, 2021, at 07:49 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.Install]] . . . August 02, 2021, at 05:11 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vhost]] . . . August 02, 2021, at 02:32 AM by [[~jrmu]]: [==]%0a* [[Thunderirc.Hardware]] . . . August 01, 2021, at 01:47 PM by [[~jrmu]]: [==]%0a* [[Lecturify.Hardware]] . . . August 01, 2021, at 01:27 PM by [[~jrmu]]: [==]%0a* [[Congress.Procedure]] . . . August 01, 2021, at 06:41 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Chroot]] . . . July 31, 2021, at 02:47 AM by [[~jrmu]]: [==]%0a* [[Syslogd.Remote]] . . . July 30, 2021, at 03:30 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmmuser]] . . . July 29, 2021, at 05:31 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmminstall]] . . . July 29, 2021, at 05:28 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmm]] . . . July 29, 2021, at 05:24 AM by [[~jrmu]]: [==]%0a* [[Openbsd.ZNCAdmin]] . . . July 28, 2021, at 06:14 AM by [[~jrmu]]: [==]%0a* [[Openbsd.ZNCSupport]] . . . July 28, 2021, at 06:14 AM by [[~jrmu]]: [==]%0a* [[ZNC.Troubleshoot]] . . . July 28, 2021, at 06:12 AM by [[~jrmu]]: [==]%0a* [[Znc.Troubleshoot]] . . . July 28, 2021, at 06:11 AM by [[~jrmu]]: [==]%0a* [[Kill.Usage]] . . . July 28, 2021, at 03:42 AM by [[~jrmu]]: [==]%0a* [[Ps.Usage]] . . . July 28, 2021, at 03:42 AM by [[~jrmu]]: [==]%0a* [[Host.Usage]] . . . July 28, 2021, at 01:57 AM by [[~jrmu]]: [==]%0a* [[UsersCategoryMirrory.IRCFreeHomesteadVPS]] . . . July 26, 2021, at 06:12 AM by [[~category_mirror]]: [==]%0a* [[Ircnow.PioneerTldr]] . . . July 26, 2021, at 06:04 AM by [[~jrmu]]: [==]%0a* [[UsersCategoryMirrory.Pioneer]] . . . July 26, 2021, at 04:22 AM by [[~category_mirror]]: [==]%0a* [[Openbsd.Dig]] . . . July 25, 2021, at 06:50 AM by [[~jrmu]]: [==]%0a* [[Openbsd.RDNS]] . . . July 23, 2021, at 06:44 AM by [[~jrmu]]: [==]%0a* [[Bouncer.All]] . . . July 21, 2021, at 06:37 PM by [[~mkf]]: [==]%0a* [[Lemon.Todo]] . . . July 21, 2021, at 06:21 PM by [[~mkf]]: [==]%0a* [[Irc.Guide]] . . . July 21, 2021, at 06:02 PM by [[~mkf]]: [=client -> clients=]%0a* [[Openbsd.Sic]] . . . July 21, 2021, at 05:57 PM by [[~mkf]]: [=first edit.=]%0a* [[Minutemin.Progress]] . . . July 21, 2021, at 08:10 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Openrsync]] . . . July 18, 2021, at 02:01 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Znc]] . . . July 16, 2021, at 10:43 AM by [[~jrmu]]: [==]%0a* [[Netizen.Become]] . . . July 14, 2021, at 09:47 AM by [[~jrmu]]: [==]%0a* [[Freedom.Bearcode]] . . . July 14, 2021, at 09:42 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Staticnet]] . . . July 12, 2021, at 05:48 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Dovecot]] . . . July 12, 2021, at 02:58 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Relayd]] . . . July 12, 2021, at 02:45 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Spf]] . . . July 12, 2021, at 03:08 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Eggdrop]] . . . July 02, 2021, at 03:20 AM by [[~jrmu]]: [==]%0a* [[Openssl.Http]] . . . June 30, 2021, at 04:44 AM by [[~mkf]]: [==]%0a* [[Debate.Oldsoftware]] . . . June 29, 2021, at 03:56 PM by [[~mkf]]: [==]%0a* [[Debate.Xmlflaws]] . . . June 29, 2021, at 03:54 PM by [[~mkf]]: [==]%0a* [[Debate.Wikipediadanger]] . . . June 29, 2021, at 03:51 PM by [[~mkf]]: [==]%0a* [[Debate.DCC]] . . . June 29, 2021, at 03:49 PM by [[~mkf]]: [==]%0a* [[Debate.Matrixflaws]] . . . June 29, 2021, at 03:48 PM by [[~mkf]]: [==]%0a* [[Debate.Webirc]] . . . June 29, 2021, at 03:48 PM by [[~mkf]]: [==]%0a* [[Debate.Nodejstrap]] . . . June 29, 2021, at 03:48 PM by [[~mkf]]: [==]%0a* [[Debate.Ircv3defense]] . . . June 29, 2021, at 03:45 PM by [[~mkf]]: [==]%0a* [[Openbsd.Newdisk]] . . . June 29, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[AndroidEmail.AndroidEmail]] . . . June 29, 2021, at 03:11 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Unbound]] . . . June 27, 2021, at 12:12 PM by [[~jrmu]]: [==]%0a* [[Freedom.Religion]] . . . June 27, 2021, at 02:02 AM by [[~jrmu]]: [==]%0a* [[Freedom.Union]] . . . June 26, 2021, at 01:01 PM by [[~jrmu]]: [==]%0a* [[Freedom.Firstamendment]] . . . June 26, 2021, at 11:45 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dkimproxy]] . . . June 25, 2021, at 12:56 PM by [[~jrmu]]: [==]%0a* [[MIF.Test]] . . . June 25, 2021, at 12:42 PM by [[~nsturtz]]: [==]%0a* [[Openbsd.Sysupgrade69]] . . . June 25, 2021, at 05:46 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Opensmtpd]] . . . June 23, 2021, at 02:21 AM by [[~jrmu]]: [==]%0a* [[Openbsd.NgircdLink]] . . . June 22, 2021, at 07:50 PM by [[~mkf]]: [=delete=]%0a* [[File.File]] . . . June 22, 2021, at 07:43 PM by [[~mkf]]: [=linking=]%0a* [[Debate.Linuxflaws]] . . . June 20, 2021, at 08:03 AM by [[~mkf]]: [=making hyperlinks=]%0a* [[Freedom.Destiny]] . . . June 18, 2021, at 05:31 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Doas]] . . . June 13, 2021, at 01:19 PM by [[~jrmu]]: [==]%0a* [[Freedom.Freedom]] . . . June 13, 2021, at 09:13 AM by [[~jrmu]]: [==]%0a* [[Freedom.Press]] . . . June 13, 2021, at 09:12 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Shell]] . . . June 11, 2021, at 09:36 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Constitution]] . . . June 10, 2021, at 03:48 PM by [[~jrmu]]: [==]%0a* [[Netizen.Rights]] . . . June 10, 2021, at 03:21 PM by [[~jrmu]]: [==]%0a* [[IPv4.Overview]] . . . June 10, 2021, at 10:13 AM by [[~jrmu]]: [==]%0a* [[Ksh.Bash]] . . . June 09, 2021, at 11:31 AM by [[~jrmu]]: [==]%0a* [[PowerShell.Connect]] . . . June 09, 2021, at 11:10 AM by [[~jrmu]]: [==]%0a* [[Code.Code]] . . . June 08, 2021, at 05:24 PM by [[~mkf]]: [=better formating=]%0a* [[Grape.DonateUs]] . . . June 06, 2021, at 03:41 PM by [[~fizi]]: [==]%0a* [[Openbsd.Books]] . . . June 06, 2021, at 12:46 PM by [[~jrmu]]: [==]%0a* [[Grape.Grape]] . . . June 06, 2021, at 11:39 AM by [[~fizi]]: [==]%0a* [[Openbsd.Pfa]] . . . June 06, 2021, at 03:49 AM by [[~navic]]: [==]%0a* [[Vmm.Debian]] . . . June 04, 2021, at 07:48 PM by [[~mkf]]: [="LOL"=]%0a* [[DNS.Dnswl]] . . . June 04, 2021, at 11:11 AM by [[~jrmu]]: [==]%0a* [[Dkim.Dkimsign]] . . . June 04, 2021, at 09:07 AM by [[~jrmu]]: [==]%0a* [[Tor.Torsocks]] . . . June 04, 2021, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Vpn.VpnMac]] . . . June 04, 2021, at 05:40 AM by [[~jrmu]]: [==]%0a* [[HostServ.Rules]] . . . June 01, 2021, at 08:11 AM by [[~jrmu]]: [==]%0a* [[Openbsd.ACKFlood]] . . . May 29, 2021, at 06:20 AM by [[~mkf]]: [==]%0a* [[Openbsd.SSDP]] . . . May 29, 2021, at 06:18 AM by [[~mkf]]: [==]%0a* [[Openbsd.Anycast]] . . . May 29, 2021, at 06:01 AM by [[~mkf]]: [==]%0a* [[Ambassador.Networks]] . . . May 27, 2021, at 04:05 PM by [[~jrmu]]: [==]%0a* [[Marketing.Rules]] . . . May 26, 2021, at 06:15 AM by [[~jrmu]]: [==]%0a* [[Freenode.Power]] . . . May 26, 2021, at 04:38 AM by [[~jrmu]]: [==]%0a* [[Freenode.Money]] . . . May 25, 2021, at 03:29 PM by [[~jrmu]]: [==]%0a* [[Freenode.Takeover]] . . . May 25, 2021, at 05:28 AM by [[~jrmu]]: [==]%0a* [[Freedom.Freenode]] . . . May 25, 2021, at 01:48 AM by [[~jrmu]]: [==]%0a* [[Bouncer.Atomic]] . . . May 24, 2021, at 03:22 PM by [[~mkf]]: [=spacing=]%0a* [[Minetest.Updating]] . . . May 24, 2021, at 08:10 AM by [[~mkf]]: [=monospaced commands=]%0a* [[Shell.Putty]] . . . May 24, 2021, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Vmm.Optimize]] . . . May 19, 2021, at 04:04 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Stable]] . . . May 18, 2021, at 10:15 AM by [[~mkf]]: [==]%0a* [[Ircnow.VicePresident]] . . . May 18, 2021, at 08:15 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Sheriff]] . . . May 18, 2021, at 08:00 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Ambassador]] . . . May 18, 2021, at 07:42 AM by [[~jrmu]]: [==]%0a* [[Pf.Guide]] . . . May 17, 2021, at 03:37 AM by [[~bejelentkezni]]: [==]%0a* [[NewsNow.Install]] . . . May 16, 2021, at 06:49 AM by [[~mkf]]: [="$"=]%0a* [[Tmux.Share]] . . . May 15, 2021, at 02:27 AM by [[~mistera]]: [==]%0a* [[Openbsd.Security]] . . . May 14, 2021, at 03:14 AM by [[~caesar]]: [==]%0a* [[Bouncer.Vision]] . . . May 13, 2021, at 09:47 AM by [[~mkf]]: [=added home page, removed "..."s=]%0a* [[Minetest.Worldbackup]] . . . May 12, 2021, at 11:02 AM by [[~AES]]: [==]%0a* [[Minetest.Texturestyle]] . . . May 12, 2021, at 11:00 AM by [[~AES]]: [==]%0a* [[Minetest.Serverlocations]] . . . May 12, 2021, at 10:59 AM by [[~AES]]: [==]%0a* [[Minetest.Addingarenas]] . . . May 12, 2021, at 10:58 AM by [[~jrmu]]: [==]%0a* [[Relay.Relay]] . . . May 12, 2021, at 09:10 AM by [[~jrmu]]: [==]%0a* [[Ngircd.Install-bej]] . . . May 11, 2021, at 05:26 AM by [[~bejelentkezni]]: [==]%0a* [[Openbsd.Hopm-Arthur]] . . . May 07, 2021, at 12:28 PM by [[~Arthur]]: [==]%0a* [[Znc.Chroot69]] . . . May 06, 2021, at 03:36 AM by [[~bejelentkezni]]: [=back to 6.9 to see real changes=]%0a* [[Freedom.Unix]] . . . April 29, 2021, at 03:39 PM by [[~jrmu]]: [==]%0a* [[Pmwiki.Simpleurl]] . . . April 29, 2021, at 02:46 PM by [[~punk]]: [==]%0a* [[Gpl.Flaws]] . . . April 24, 2021, at 04:56 PM by [[~jrmu]]: [==]%0a* [[Iked.Windows]] . . . April 18, 2021, at 07:38 PM by [[~st13g]]: [==]%0a* [[Freedom.Libertyordeath]] . . . April 17, 2021, at 12:35 PM by [[~jrmu]]: [==]%0a* [[Minetest.Economy]] . . . April 15, 2021, at 02:32 PM by [[~jrmu]]: [==]%0a* [[Vim.Vim]] . . . April 11, 2021, at 11:14 PM by [[~monaco]]: [==]%0a* [[Minutemin.Duty]] . . . April 11, 2021, at 04:53 AM by [[~jrmu]]: [==]%0a* [[License.License]] . . . April 04, 2021, at 02:00 AM by [[~jrmu]]: [==]%0a* [[EthicalSource.HolierThanThou]] . . . April 04, 2021, at 01:56 AM by [[~jrmu]]: [==]%0a* [[Jrmu.Rmsboycott]] . . . April 03, 2021, at 01:36 AM by [[~jrmu]]: [==]%0a* [[Jrmu.Libertyordeath]] . . . April 02, 2021, at 12:56 PM by [[~jrmu]]: [==]%0a* [[Fig.Fig]] . . . March 31, 2021, at 10:15 AM by [[~chewy]]: [==]%0a* [[Coconut.Coconut]] . . . March 29, 2021, at 12:28 PM by [[~jrmu]]: [==]%0a* [[ClawsMail.Connect]] . . . March 29, 2021, at 08:42 AM by [[~miniontoby]]: [==]%0a* [[Freedom.Madeonirc]] . . . March 27, 2021, at 11:48 AM by [[~jrmu]]: [==]%0a* [[Third.Devs]] . . . March 27, 2021, at 11:41 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Code]] . . . March 24, 2021, at 03:26 AM by [[~jrmu]]: [==]%0a* [[Cherry.Todo]] . . . March 23, 2021, at 03:23 PM by [[~Oz]]: [==]%0a* [[Freedom.Independence]] . . . March 22, 2021, at 01:13 PM by [[~wiz]]: [==]%0a* [[Marketing.Founders]] . . . March 20, 2021, at 01:40 AM by [[~jrmu]]: [==]%0a* [[NewsNow.Teams]] . . . March 18, 2021, at 09:47 AM by [[~miniontoby]]: [=banana=]%0a* [[Vhost.Freedns]] . . . March 16, 2021, at 12:22 PM by [[~wiz]]: [==]%0a* [[Marketing.Freedom]] . . . March 15, 2021, at 01:30 PM by [[~jrmu]]: [==]%0a* [[Bsd.Labor]] . . . March 15, 2021, at 06:12 AM by [[~jrmu]]: [==]%0a* [[License.Discriminatory]] . . . March 15, 2021, at 06:12 AM by [[~jrmu]]: [==]%0a* [[Bsd.Hope]] . . . March 14, 2021, at 11:05 PM by [[~jrmu]]: [==]%0a* [[License.Publicdomain]] . . . March 14, 2021, at 10:02 AM by [[~jrmu]]: [==]%0a* [[Linux.Flaws]] . . . March 14, 2021, at 05:13 AM by [[~jrmu]]: [==]%0a* [[NewsNow.Browser]] . . . March 12, 2021, at 08:00 AM by [[~miniontoby]]: [==]%0a* [[Abuse.Code]] . . . March 09, 2021, at 03:44 PM by [[~jrmu]]: [==]%0a* [[Congress.Documents]] . . . March 07, 2021, at 04:50 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Goals]] . . . March 06, 2021, at 09:33 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Chatforce]] . . . March 05, 2021, at 02:15 PM by [[~jrmu]]: [==]%0a* [[Shell.Bash]] . . . March 05, 2021, at 10:19 AM by [[~jrmu]]: [==]%0a* [[User.Welcome]] . . . March 05, 2021, at 07:34 AM by [[~jrmu]]: [==]%0a* [[Immigrant.Welcome]] . . . March 05, 2021, at 06:59 AM by [[~jrmu]]: [==]%0a* [[Mail.Openrelay]] . . . March 04, 2021, at 03:20 PM by [[~jrmu]]: [==]%0a* [[Mail.Test]] . . . March 04, 2021, at 03:07 PM by [[~jrmu]]: [==]%0a* [[Minutemin.Game]] . . . March 04, 2021, at 10:16 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Netizen]] . . . February 28, 2021, at 03:18 PM by [[~jrmu]]: [==]%0a* [[Servers.Rights]] . . . February 28, 2021, at 12:37 PM by [[~jrmu]]: [==]%0a* [[Marketing.Enterprise]] . . . February 28, 2021, at 11:52 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Creed]] . . . February 28, 2021, at 03:21 AM by [[~jrmu]]: [==]%0a* [[Ln.Intro]] . . . February 25, 2021, at 12:20 PM by [[~jrmu]]: [==]%0a* [[Leafnode.Install]] . . . February 25, 2021, at 10:56 AM by [[~jrmu]]: [==]%0a* [[Guava.Todo]] . . . February 23, 2021, at 10:47 AM by [[~quofan]]: [==]%0a* [[Relays.Relays]] . . . February 22, 2021, at 04:22 PM by [[~jrmu]]: [==]%0a* [[PSFTP.Connect]] . . . February 21, 2021, at 03:57 PM by [[~jrmu]]: [==]%0a* [[Outlook.Connect]] . . . February 21, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[AppleMail.Connect]] . . . February 20, 2021, at 04:38 PM by [[~jrmu]]: [==]%0a* [[Thunderbird.Pgp]] . . . February 19, 2021, at 04:44 PM by [[~jrmu]]: [==]%0a* [[License.Ircnow]] . . . February 19, 2021, at 09:45 AM by [[~miniontoby]]: [=2021=]%0a* [[Thunderbird.Connect]] . . . February 19, 2021, at 09:36 AM by [[~jrmu]]: [==]%0a* [[Shell.Mac]] . . . February 19, 2021, at 09:14 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Training]] . . . February 18, 2021, at 06:42 AM by [[~jrmu]]: [==]%0a* [[Freedom.Openforeveryone]] . . . February 16, 2021, at 04:33 AM by [[~jrmu]]: [==]%0a* [[Ircnow.IRCitizen]] . . . February 15, 2021, at 05:32 AM by [[~jrmu]]: [==]%0a* [[IPv6.Overview]] . . . February 14, 2021, at 11:09 AM by [[~jrmu]]: [==]%0a* [[Tcpip.Overview]] . . . February 14, 2021, at 11:02 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Syspatch]] . . . February 14, 2021, at 11:00 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Netadmin]] . . . February 14, 2021, at 10:56 AM by [[~jrmu]]: [==]%0a* [[Marketing.Religion]] . . . February 14, 2021, at 10:37 AM by [[~jrmu]]: [==]%0a* [[Marketing.Independence]] . . . February 13, 2021, at 04:59 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Leafnode]] . . . February 12, 2021, at 01:40 PM by [[~chewy]]: [==]%0a* [[Oidentd.Pylink]] . . . February 12, 2021, at 01:25 PM by [[~jrmu]]: [==]%0a* [[Marketing.Opportunity]] . . . February 11, 2021, at 12:58 PM by [[~jrmu]]: [==]%0a* [[Marketing.Republic]] . . . February 11, 2021, at 06:45 AM by [[~jrmu]]: [==]%0a* [[Achurch.Install]] . . . February 10, 2021, at 04:33 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Pylink]] . . . February 08, 2021, at 08:33 AM by [[~jrmu]]: [==]%0a* [[Ircnow.OpofLiberty]] . . . February 06, 2021, at 12:53 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Allies]] . . . February 06, 2021, at 12:47 PM by [[~jrmu]]: [==]%0a* [[Freedom.Dueprocess]] . . . February 06, 2021, at 12:25 PM by [[~jrmu]]: [==]%0a* [[Freedom.Checks]] . . . February 06, 2021, at 12:21 PM by [[~jrmu]]: [==]%0a* [[Freedom.Rulebylaw]] . . . February 06, 2021, at 12:12 PM by [[~jrmu]]: [==]%0a* [[Freedom.Startupdream]] . . . February 06, 2021, at 12:12 PM by [[~jrmu]]: [==]%0a* [[Freedom.Federation]] . . . February 06, 2021, at 11:44 AM by [[~jrmu]]: [==]%0a* [[Freedom.Selfadmin]] . . . February 06, 2021, at 11:26 AM by [[~jrmu]]: [==]%0a* [[Ircnow.OpsofLiberty]] . . . February 06, 2021, at 02:13 AM by [[~jrmu]]: [==]%0a* [[Freedom.Software]] . . . February 05, 2021, at 11:31 AM by [[~jrmu]]: [==]%0a* [[Freedom.Opportunity]] . . . February 05, 2021, at 08:55 AM by [[~jrmu]]: [==]%0a* [[Unix.Workethic]] . . . February 05, 2021, at 08:49 AM by [[~jrmu]]: [==]%0a* [[Unix.Ethic]] . . . February 05, 2021, at 08:48 AM by [[~jrmu]]: [==]%0a* [[Debate.Privacy]] . . . February 05, 2021, at 07:05 AM by [[~jrmu]]: [==]%0a* [[Team.Policy]] . . . February 04, 2021, at 04:08 PM by [[~jrmu]]: [==]%0a* [[Freedom.Serversrights]] . . . February 04, 2021, at 02:43 PM by [[~jrmu]]: [==]%0a* [[Freedom.Serverrights]] . . . February 04, 2021, at 02:42 PM by [[~jrmu]]: [==]%0a* [[Freedom.Lanofopportunity]] . . . February 04, 2021, at 01:24 PM by [[~jrmu]]: [==]%0a* [[Freedom.Opentoall]] . . . February 04, 2021, at 01:17 PM by [[~jrmu]]: [==]%0a* [[Freedom.Refuge]] . . . February 04, 2021, at 09:31 AM by [[~jrmu]]: [==]%0a* [[Dns.Providers]] . . . February 04, 2021, at 04:27 AM by [[~jrmu]]: [==]%0a* [[Guava.Guava]] . . . February 03, 2021, at 02:30 AM by [[~st13g]]: [==]%0a* [[Openbsd.Stable]] . . . February 02, 2021, at 02:25 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Base64]] . . . February 02, 2021, at 06:37 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Unboundadblock]] . . . February 02, 2021, at 04:29 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Pfbadhost]] . . . February 02, 2021, at 04:29 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Delphinusdnsd]] . . . February 02, 2021, at 01:51 AM by [[~jrmu]]: [==]%0a* [[Mango.Mango]] . . . January 31, 2021, at 12:01 PM by [[~nix]]: [==]%0a* [[Openbsd.Abuse]] . . . January 31, 2021, at 05:33 AM by [[~jrmu]]: [==]%0a* [[Freedom.Censorship]] . . . January 31, 2021, at 05:23 AM by [[~jrmu]]: [==]%0a* [[Debate.Firstamendment]] . . . January 31, 2021, at 05:20 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Phishing]] . . . January 31, 2021, at 05:02 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Audit]] . . . January 31, 2021, at 04:46 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ongoing]] . . . January 31, 2021, at 01:19 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Partners]] . . . January 31, 2021, at 12:32 AM by [[~jrmu]]: [==]%0a* [[Orange.Todo]] . . . January 30, 2021, at 11:31 AM by [[~jrmu]]: [==]%0a* [[Pear.Pear]] . . . January 29, 2021, at 06:09 PM by [[~dennis]]: [==]%0a* [[Openbsd.Httpopenproxy]] . . . January 29, 2021, at 11:01 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Zncadmin]] . . . January 29, 2021, at 10:00 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Rbldns]] . . . January 29, 2021, at 05:45 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Setuid]] . . . January 28, 2021, at 06:53 AM by [[~jrmu]]: [==]%0a* [[Openbsd.PFTesting]] . . . January 25, 2021, at 03:28 PM by [[~jrmu]]: [==]%0a* [[Openbsd.ZNCDaily]] . . . January 25, 2021, at 11:35 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Irssi]] . . . January 25, 2021, at 07:08 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Sysadmins]] . . . January 24, 2021, at 10:36 AM by [[~jrmu]]: [==]%0a* [[Debate.UnixPhilosophy]] . . . January 18, 2021, at 05:05 AM by [[~category_mirror]]: [==]%0a* [[Openbsd.XTerm]] . . . January 17, 2021, at 01:48 PM by [[~miniontoby]]: [=copyright=]%0a* [[UsersCategoryMirrory.Statement]] . . . January 17, 2021, at 02:44 AM by [[~category_mirror]]: [==]%0a* [[Email.Outlook]] . . . January 16, 2021, at 05:13 PM by [[~Zouheir]]: [==]%0a* [[Plum.Todo]] . . . January 16, 2021, at 12:09 AM by [[~st13g]]: [==]%0a* [[Debate.Ipsec]] . . . January 13, 2021, at 10:39 AM by [[~jrmu]]: [==]%0a* [[Plum.Plum]] . . . January 12, 2021, at 03:02 PM by [[~wiz]]: [==]%0a* [[Openbsd.Slrn]] . . . January 12, 2021, at 02:40 PM by [[~Noxturnix]]: [==]%0a* [[OpenBSD.CPAN]] . . . January 12, 2021, at 01:48 PM by [[~Dima]]: [==]%0a* [[Jujube.Todo]] . . . January 11, 2021, at 05:13 PM by [[~fizi]]: [==]%0a* [[Ircnow.Ilines]] . . . January 11, 2021, at 09:55 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Netcat]] . . . January 09, 2021, at 02:20 PM by [[~jrmu]]: [==]%0a* [[OpenBSD.Perl]] . . . January 09, 2021, at 02:04 PM by [[~dima]]: [==]%0a* [[Openbsd.Perl]] . . . January 09, 2021, at 01:52 PM by [[~jrmu]]: [==]%0a* [[Fig.Log]] . . . January 07, 2021, at 11:23 AM by [[~dima]]: [=test=]%0a* [[Fig.Todo]] . . . January 06, 2021, at 01:06 PM by [[~jrmu]]: [==]%0a* [[Grape.Todo]] . . . January 06, 2021, at 01:05 PM by [[~jrmu]]: [==]%0a* [[Pear.Todo]] . . . January 06, 2021, at 01:05 PM by [[~jrmu]]: [==]%0a* [[Jujube.Team]] . . . January 06, 2021, at 01:04 PM by [[~jrmu]]: [==]%0a* [[Mango.Todo]] . . . January 06, 2021, at 01:04 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Censorship]] . . . January 06, 2021, at 03:01 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Pentesters]] . . . January 05, 2021, at 11:17 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Coders]] . . . January 05, 2021, at 11:11 AM by [[~jrmu]]: [==]%0a* [[Banana.Todo]] . . . January 04, 2021, at 09:41 AM by [[~miniontoby]]: [=znc=]%0a* [[Users.CategoryMirrory]] . . . January 04, 2021, at 01:10 AM by [[~category_mirror]]: [==]%0a* [[UsersCategoryMirrory.Test]] . . . January 03, 2021, at 08:17 PM by [[~category_mirrory]]: [==]%0a* [[Users.Categorymirrory]] . . . January 03, 2021, at 08:12 PM by [[~category_mirrory]]: [=wrong caps=]%0a* [[Banana.Banana]] . . . January 03, 2021, at 02:39 PM by [[~miniontoby]]: [==]%0a* [[Orange.Orange]] . . . January 03, 2021, at 02:10 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Backup]] . . . January 03, 2021, at 01:46 PM by [[~jrmu]]: [==]%0a* [[Debate.Appledanger]] . . . January 02, 2021, at 01:35 AM by [[~jrmu]]: [==]%0a* [[Grape.Tasks]] . . . January 01, 2021, at 07:52 PM by [[~fizi]]: [==]%0a* [[Ircnow.Helpers]] . . . January 01, 2021, at 04:36 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Finances]] . . . January 01, 2021, at 04:15 AM by [[~jrmu]]: [==]%0a* [[Tutorial.Tutorial]] . . . January 01, 2021, at 03:25 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Testing]] . . . December 30, 2020, at 12:58 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Sshbackdoor]] . . . December 30, 2020, at 12:14 PM by [[~jrmu]]: [==]%0a* [[Mango.Packages]] . . . December 30, 2020, at 10:48 AM by [[~nix]]: [==]%0a* [[Ircnow.Contact]] . . . December 30, 2020, at 03:18 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Pf-bnc]] . . . December 29, 2020, at 06:30 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Partners2]] . . . December 29, 2020, at 02:52 PM by [[~jrmu]]: [==]%0a* [[Debate.Mozilladanger]] . . . December 27, 2020, at 03:05 AM by [[~jrmu]]: [==]%0a* [[Debate.Controlcomputer]] . . . December 27, 2020, at 03:02 AM by [[~jrmu]]: [==]%0a* [[Debate.Facebookdanger]] . . . December 27, 2020, at 03:01 AM by [[~jrmu]]: [==]%0a* [[Debate.Slackdanger]] . . . December 27, 2020, at 02:56 AM by [[~jrmu]]: [==]%0a* [[Debate.Freespeech]] . . . December 27, 2020, at 02:36 AM by [[~jrmu]]: [==]%0a* [[Debate.Ethicalflaws]] . . . December 27, 2020, at 02:31 AM by [[~jrmu]]: [==]%0a* [[Debate.Hatespeech]] . . . December 27, 2020, at 02:20 AM by [[~jrmu]]: [==]%0a* [[Debate.Monero]] . . . December 27, 2020, at 02:02 AM by [[~jrmu]]: [==]%0a* [[Debate.WhyNotC]] . . . December 26, 2020, at 06:43 PM by [[~searchsocial]]: [==]%0a* [[Debate.Python]] . . . December 26, 2020, at 06:21 PM by [[~jrmu]]: [==]%0a* [[Debate.Cash]] . . . December 26, 2020, at 06:18 PM by [[~jrmu]]: [==]%0a* [[Debate.Uberdanger]] . . . December 26, 2020, at 06:16 PM by [[~jrmu]]: [==]%0a* [[Debate.Microsoftdanger]] . . . December 26, 2020, at 06:15 PM by [[~jrmu]]: [==]%0a* [[Debate.Accessibility]] . . . December 26, 2020, at 06:14 PM by [[~jrmu]]: [==]%0a* [[Debate.Zoomdanger]] . . . December 26, 2020, at 06:08 PM by [[~jrmu]]: [==]%0a* [[Shell.Applications]] . . . December 19, 2020, at 06:21 PM by [[~fizi]]: [==]%0a* [[Third.Dillo]] . . . December 19, 2020, at 01:52 PM by [[~jrmu]]: [==]%0a* [[Third.Basilisk]] . . . December 19, 2020, at 01:38 PM by [[~jrmu]]: [==]%0a* [[Third.Directory]] . . . December 19, 2020, at 01:35 PM by [[~jrmu]]: [==]%0a* [[Guava.Packages]] . . . December 19, 2020, at 06:14 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Amplification]] . . . December 19, 2020, at 05:42 AM by [[~jrmu]]: [==]%0a* [[Openbsd.UDPFlood]] . . . December 18, 2020, at 10:39 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Tcpackflood]] . . . December 17, 2020, at 10:36 AM by [[~jrmu]]: [==]%0a* [[Openbsd.RSTFlood]] . . . December 17, 2020, at 10:34 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Tcpresetflood]] . . . December 17, 2020, at 10:34 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ssdp]] . . . December 15, 2020, at 12:59 PM by [[~jrmu]]: [==]%0a* [[Bouncer.Igloo]] . . . December 14, 2020, at 09:39 AM by [[~Noxturnix]]: [==]%0a* [[Main.Terms]] . . . December 13, 2020, at 01:35 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Pf]] . . . December 13, 2020, at 12:03 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install68]] . . . December 13, 2020, at 10:13 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade67]] . . . December 13, 2020, at 04:02 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade68]] . . . December 11, 2020, at 10:27 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dokuwiki]] . . . December 10, 2020, at 02:23 PM by [[~miniontoby]]: [=code blocks fixed=]%0a* [[Openbsd.Acme-client]] . . . December 09, 2020, at 06:47 PM by [[~miniontoby]]: [=fixed troubleshooting links=]%0a* [[Freedom.Christian]] . . . December 08, 2020, at 01:12 AM by [[~jrmu]]: [==]%0a* [[Freedom.Finances]] . . . December 08, 2020, at 01:04 AM by [[~jrmu]]: [==]%0a* [[Shell.Sshkeys]] . . . December 07, 2020, at 10:36 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Install67]] . . . December 06, 2020, at 11:03 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Buyvm]] . . . December 06, 2020, at 02:42 AM by [[~jrmu]]: [==]%0a* [[Opernbsd.Buyvm]] . . . December 04, 2020, at 12:06 PM by [[~jrmu]]: [==]%0a* [[Bouncer.WeeChat]] . . . December 02, 2020, at 12:43 PM by [[~jrmu]]: [==]%0a* [[Bouncer.SimpleIRC]] . . . December 02, 2020, at 12:31 PM by [[~jrmu]]: [==]%0a* [[Freedom.Militia]] . . . December 02, 2020, at 04:18 AM by [[~jrmu]]: [==]%0a* [[Third.Third]] . . . December 01, 2020, at 01:49 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Oidentd]] . . . November 30, 2020, at 11:42 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Helper]] . . . November 28, 2020, at 02:21 AM by [[~jrmu]]: [==]%0a* [[Bouncer.Hexchat]] . . . November 27, 2020, at 12:52 PM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloud]] . . . November 24, 2020, at 11:53 AM by [[~jrmu]]: [==]%0a* [[Bouncer.AdiIRC]] . . . November 24, 2020, at 11:42 AM by [[~jrmu]]: [==]%0a* [[Bouncer.RevolutionIRC]] . . . November 24, 2020, at 11:35 AM by [[~jrmu]]: [==]%0a* [[Bouncer.KiwiIRC]] . . . November 24, 2020, at 11:34 AM by [[~jrmu]]: [==]%0a* [[Bouncer.KVIrc]] . . . November 24, 2020, at 11:33 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IceChat]] . . . November 24, 2020, at 11:27 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloudiOS]] . . . November 24, 2020, at 11:20 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloudAndroid]] . . . November 24, 2020, at 11:20 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloudWeb]] . . . November 24, 2020, at 11:19 AM by [[~jrmu]]: [==]%0a* [[Third.Catalog]] . . . November 23, 2020, at 07:52 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Checklist]] . . . November 20, 2020, at 12:44 AM by [[~gry]]: [=+=]%0a* [[Openbsd.Acopm]] . . . November 04, 2020, at 03:32 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Achurch]] . . . November 04, 2020, at 02:25 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Vi]] . . . November 04, 2020, at 12:51 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Sudo]] . . . November 04, 2020, at 12:38 PM by [[~jrmu]]: [==]%0a* [[Freedom.Denomination]] . . . October 23, 2020, at 09:20 AM by [[~jrmu]]: [==]%0a* [[Vps.Intro]] . . . October 10, 2020, at 08:22 AM by [[~jrmu]]: [==]%0a* [[Ircweb.Ircweb]] . . . October 05, 2020, at 01:10 AM by [[~jrmu]]: [==]%0a* [[Http2irc.Http2irc]] . . . October 05, 2020, at 01:04 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Easyapp]] . . . September 29, 2020, at 12:13 PM by [[~jrmu]]: [==]%0a* [[Orange.Nl]] . . . September 17, 2020, at 08:43 AM by [[~miniontoby]]: [=Dutch correct page=]%0a* [[Grape.Guide]] . . . September 16, 2020, at 08:42 AM by [[~baytuch]]: [==]%0a* [[Orange.Id]] . . . September 08, 2020, at 09:51 AM by [[~gry]]: [=+=]%0a* [[Orange.Ru]] . . . September 07, 2020, at 11:29 PM by [[~gry]]: [=+=]%0a* [[Bouncer.MIRC]] . . . September 06, 2020, at 03:59 AM by [[~jrmu]]: [==]%0a* [[Debate.Bncnow]] . . . September 04, 2020, at 04:36 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Cgit]] . . . September 01, 2020, at 05:51 PM by [[~baytuch]]: [==]%0a* [[Orange.Notes]] . . . August 27, 2020, at 03:38 AM by [[~gry]]: [=expanded=]%0a* [[Shell.ShellSSHKEYS]] . . . August 25, 2020, at 10:00 PM by [[~gry]]: [=permissions added=]%0a* [[Bouncer.Irccloud]] . . . August 24, 2020, at 12:20 PM by [[~jrmu]]: [==]%0a* [[GrapeTeam.Tracker]] . . . August 24, 2020, at 10:16 AM by [[~gry]]: [=+=]%0a* [[GrapeTeam.GrapeTeam]] . . . August 24, 2020, at 10:13 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Course]] . . . August 21, 2020, at 05:01 AM by [[~gry]]: [==]%0a* [[Openbsd.Bchs]] . . . August 20, 2020, at 07:11 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Todo]] . . . August 20, 2020, at 06:48 AM by [[~jrmu]]: on_is_active php_session_active squirrelmailing sqsession_start troubleshooting authentication session_status config_default webmail_access modifications configuration unfortunately accessibility administrator webmail_error compatibility acceleration default_pref organization replacement disposition alternative information sourceforge permissions certificate interactive configuring preferences letsencrypt development compatible javascript configtest connection additional nameserver configured afterwards extracting attempting installing documents complains openhttpd functions localhost opensmtpd challenge supported subdomain receiving databases recommend necessary following languages delimiter directory debugging fusername essential addresses installed chrooted smtphost projects browsers normally location provides tlsmulti 26214400 required remember original security listener optional settings sendmail properly software specific licensed messages brackets instance writable services browsing defaults drawback continue opening control dovecot fastcgi already contact defines example initial unbound folders unusual request plugins general command servers defined private options however records contrib include restart because nologin disable exiting keypair baytuch strings misused charset appears content instead openbsd release sending mt_rand another subject version tarball warning charlie without changes resolve foxtrot uploads written client relayd needed return logout syntax longer cannot latest htdocs braces rather offset typing before themes ircnow frames across making should switch please detect secure invert readme global create update system locale report serial delete femail myname daemon lookup socket number errors trying issues actual stable inline attach master reload touch could color chown check chmod needs first intro shell rcctl php74 mkdir books hosts write above https there false using might every ascii happy delta curly array fatal bravo query where since which setup exist works notes saved files press alpha enter means class block title index chain strip lines known worry based ifend about zones this doas 2001 imap will well page your real acme make sure that aaaa ipv4 does fccf want 1008 2602 than sbin chsh help bind body some copy runs both must logs like when ctrl type echo xvzf find uses html many wiki easy fees more exec text once were have made mime done next move into ipv6 pop3 menu sign quit full motd hide give edit time www ssl etc var 127 day see has 162 bad gpl 451 fix ksh 644 zip its 755 ftp net way crt 634 usr 403 src nsd fpm dns max few db8 143 via by gz 22 cd rx 38 87 mv 80 9
-time=1731470982
+rev=13928
+text=* [[Almanack.Almanack]] . . . @2024-11-14T04:59:40Z by [[~SplinTer]]: [==]%0a* [[Openhttpd.Tls]] . . . @2024-11-14T02:49:41Z by [[~jrmu]]: [==]%0a* [[Almanack.AdvancedMailServerSetup]] . . . @2024-11-14T02:28:19Z by [[~SplinTer]]: [==]%0a* [[Adminforces.Training]] . . . @2024-11-14T02:26:05Z by [[~jrmu]]: [==]%0a* [[Kill.Usage]] . . . @2024-11-14T02:25:25Z by [[~jrmu]]: [==]%0a* [[Ps.Usage]] . . . @2024-11-14T02:20:50Z by [[~jrmu]]: [==]%0a* [[Acme-client.Configure]] . . . @2024-11-14T01:57:55Z by [[~jrmu]]: [==]%0a* [[Tls.San]] . . . @2024-11-14T01:37:31Z by [[~jrmu]]: [==]%0a* [[Almanack.SystemStatsSh]] . . . @2024-11-14T01:29:56Z by [[~SplinTer]]: [==]%0a* [[Almanack.DumpBackupWithSCP]] . . . @2024-11-14T01:29:32Z by [[~SplinTer]]: [==]%0a* [[Almanack.SetupMailServer]] . . . @2024-11-13T04:07:16Z by [[~SplinTer]]: [==]%0a* [[Roundcube.Install]] . . . @2024-11-13T03:34:24Z by [[~SplinTer]]: [==]%0a* [[Tls.Intro]] . . . @2024-11-13T03:07:59Z by [[~jrmu]]: [==]%0a* [[Openbsd.Php]] . . . @2024-11-13T02:56:57Z by [[~jrmu]]: [==]%0a* [[Netcat.Http]] . . . @2024-11-13T02:55:05Z by [[~jrmu]]: [==]%0a* [[Telnet.Http]] . . . @2024-11-13T02:01:34Z by [[~jrmu]]: [==]%0a* [[Openhttpd.Configure]] . . . @2024-11-12T06:25:34Z by [[~jrmu]]: [==]%0a* [[Chroot.Intro]] . . . @2024-11-12T04:30:16Z by [[~jrmu]]: [==]%0a* [[Freedom.Fork]] . . . @2024-11-12T03:57:04Z by [[~jrmu]]: [==]%0a* [[Lists.Ircnow]] . . . @2024-11-12T03:50:10Z by [[~jrmu]]: [==]%0a* [[Openbsd.Pkg]] . . . @2024-11-12T03:47:43Z by [[~jrmu]]: [==]%0a* [[FwUpdate.Usage]] . . . @2024-11-12T03:31:04Z by [[~jrmu]]: [=Fix markup and add -da example=]%0a* [[Main.HomePage]] . . . @2024-11-12T02:47:35Z by [[~jrmu]]: [==]%0a* [[Syspatch.Syspatch]] . . . @2024-11-12T02:09:33Z by [[~jrmu]]: [==]%0a* [[Doas.Configure]] . . . @2024-11-12T02:03:55Z by [[~jrmu]]: [==]%0a* [[Site.SideBar]] . . . @2024-11-12T01:55:50Z by [[~jrmu]]: [==]%0a* [[Minutemin.Questions]] . . . @2024-11-12T01:50:32Z by [[~jrmu]]: [==]%0a* [[Ircnow.Howtoask]] . . . @2024-11-12T01:50:20Z by [[~jrmu]]: [==]%0a* [[Ssh.Fingerprints]] . . . @2024-11-12T01:39:20Z by [[~jrmu]]: [==]%0a* [[Top.Usage]] . . . @2024-11-12T01:02:53Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade76]] . . . @2024-11-12T00:59:48Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade]] . . . @2024-11-11T22:26:24Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade76]] . . . @2024-11-11T22:10:26Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade]] . . . @2024-11-11T21:29:29Z by [[~jrmu]]: [==]%0a* [[Openbsd.CPAN]] . . . @2024-10-26T06:59:30Z by [[~izzyb]]: [==]%0a* [[Psybnc.Install]] . . . @2024-10-21T22:34:19Z by [[~jrmu]]: [==]%0a* [[Wg.Hosting]] . . . @2024-10-19T21:25:34Z by [[~moocow]]: [=Configure WireGuard without NAT=]%0a* [[SiteAdmin.AuthUser]] . . . @2024-10-19T21:12:22Z by [[~jrmu]]: [==]%0a* [[Ircnow.9force]] . . . @2024-10-06T06:10:36Z by [[~jrmu]]: [==]%0a* [[ZNC.Admin]] . . . @2024-10-03T10:18:17Z by [[~tomglok]]: [==]%0a* [[Opensmtpd.Test]] . . . @2024-09-25T23:45:59Z by [[~jrmu]]: [==]%0a* [[Opensmtpd.Maildir]] . . . @2024-09-22T21:17:38Z by [[~jrmu]]: [==]%0a* [[Vmm.Configure]] . . . @2024-09-21T19:26:31Z by [[~jrmu]]: [==]%0a* [[Ambassador.Ilines]] . . . @2024-09-20T18:20:36Z by [[~tomglok]]: [=update ipv4 addresses=]%0a* [[Opensmtpd.Lmtp]] . . . @2024-09-19T00:19:23Z by [[~jrmu]]: [==]%0a* [[Minutemin.Bootcamp]] . . . @2024-09-19T00:19:05Z by [[~jrmu]]: [==]%0a* [[Opensmtpd.Vmail]] . . . @2024-09-19T00:18:01Z by [[~jrmu]]: [==]%0a* [[Netcat.SMTP]] . . . @2024-09-18T23:43:53Z by [[~jrmu]]: [==]%0a* [[Opensmtpd.Configure]] . . . @2024-09-18T05:11:11Z by [[~jrmu]]: [==]%0a* [[Nsd.Configure]] . . . @2024-09-18T05:00:35Z by [[~jrmu]]: [=Remove references to ircnow=]%0a* [[Openbsd.Dmarc]] . . . @2024-09-15T00:39:01Z by [[~jrmu]]: [==]%0a* [[Iked.Roadwarrior]] . . . @2024-09-11T19:18:33Z by [[~barth]]: [=missing code tag=]%0a* [[Openbsd.FilePermissions]] . . . @2024-09-08T16:58:57Z by [[~tomglok]]: [=change from # chmod -R ... to # find ... so that the /etc/mail directory retains mode 0755=]%0a* [[Crontab.Edit]] . . . @2024-09-06T12:28:31Z by [[~barth]]: [=correct mistake in the 0 * * * * * example=]%0a* [[Awk.Usage]] . . . @2024-09-05T20:06:13Z by [[~barth]]: [==]%0a* [[Sed.Usage]] . . . @2024-09-05T19:08:41Z by [[~barth]]: [==]%0a* [[Openbsd.Gotweb]] . . . @2024-09-05T15:52:57Z by [[~barth]]: [=update page, as gotweb is replaced by gotwebd=]%0a* [[Got.Server]] . . . @2024-09-04T21:31:30Z by [[~barth]]: [=directory creation was missing=]%0a* [[Ipmi.Java]] . . . @2024-08-28T06:34:49Z by [[~jrmu]]: [==]%0a* [[Znc.Chroot]] . . . @2024-08-24T01:56:57Z by [[~jrmu]]: [==]%0a* [[Unbound.Configure]] . . . @2024-08-23T18:48:55Z by [[~barth]]: [=Add adblock section=]%0a* [[Ircnow.Media]] . . . @2024-08-23T06:29:40Z by [[~jrmu]]: [==]%0a* [[OpenBSD.OnOVH]] . . . @2024-08-22T00:54:43Z by [[~entrex]]: [==]%0a* [[Dns.Vhost]] . . . @2024-08-19T19:54:07Z by [[~barth]]: [=fix redundancy=]%0a* [[DNS.SPF]] . . . @2024-08-19T19:38:19Z by [[~barth]]: [=fix missing word=]%0a* [[Ifconfig.Change]] . . . @2024-08-15T18:12:15Z by [[~barth]]: [=fixed typo in subnet mask hexadecimal representation=]%0a* [[Dhcpd.Configure]] . . . @2024-08-15T16:30:33Z by [[~barth]]: [==]%0a* [[Dig.Usage]] . . . @2024-08-15T15:48:29Z by [[~barth]]: [==]%0a* [[IP.Myaddress]] . . . @2024-08-15T15:29:41Z by [[~barth]]: [==]%0a* [[Relayd.Acceleration]] . . . @2024-08-14T19:11:18Z by [[~barth]]: [==]%0a* [[Ircnow.Explorer]] . . . @2024-08-14T14:01:58Z by [[~jrmu]]: [==]%0a* [[Ircnow.Novem]] . . . @2024-08-14T13:44:41Z by [[~jrmu]]: [==]%0a* [[Openhttpd.Website]] . . . @2024-08-13T16:38:36Z by [[~barth]]: [==]%0a* [[Ircnow.Codeforce]] . . . @2024-08-10T19:43:34Z by [[~jrmu]]: [==]%0a* [[Ircnow.CodeForce]] . . . @2024-08-10T19:38:23Z by [[~jrmu]]: [==]%0a* [[Sshd.Disablepassword]] . . . @2024-08-07T03:52:17Z by [[~LohanG]]: [=corrected a typo=]%0a* [[Iked.Binat]] . . . @2024-08-06T22:30:44Z by [[~jrmu]]: [==]%0a* [[C101.C101]] . . . @2024-08-01T18:05:37Z by [[~jrmu]]: [==]%0a* [[Tcpbench.Usage]] . . . @2024-07-30T15:34:27Z by [[~jrmu]]: [==]%0a* [[Bouncer.Bouncer]] . . . @2024-07-28T22:09:16Z by [[~quiliro]]: [= Summary: Emacs ERC details=]%0a* [[Iked.Android]] . . . @2024-07-26T17:22:44Z by [[~jrmu]]: [==]%0a* [[Iked.Roadwarriorvmm]] . . . @2024-07-25T07:29:51Z by [[~jrmu]]: [==]%0a* [[Iked.Sitetosite]] . . . @2024-07-25T06:04:47Z by [[~jrmu]]: [==]%0a* [[Tor.Irc]] . . . @2024-07-25T01:47:57Z by [[~entrex]]: [=Update irc.ircforever.org's Tor address=]%0a* [[Email.Email]] . . . @2024-07-20T14:36:06Z by [[~jrmu]]: [==]%0a* [[Vpn.Vpn]] . . . @2024-07-20T14:35:25Z by [[~jrmu]]: [==]%0a* [[Unix.Reading]] . . . @2024-07-20T05:08:40Z by [[~jrmu]]: [==]%0a* [[Iked.Sitetositevmm]] . . . @2024-07-19T05:45:54Z by [[~jrmu]]: [==]%0a* [[Ospfd.Configure]] . . . @2024-07-18T22:22:50Z by [[~jrmu]]: [==]%0a* [[Irc.Clients]] . . . @2024-07-16T01:09:48Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Wg]] . . . @2024-07-16T01:06:09Z by [[~jrmu]]: [==]%0a* [[Netcat.Usage]] . . . @2024-07-15T14:51:49Z by [[~jrmu]]: [==]%0a* [[Iked.Configure]] . . . @2024-07-15T06:22:31Z by [[~jrmu]]: [==]%0a* [[Ripd.Configure]] . . . @2024-07-14T01:27:04Z by [[~jrmu]]: [==]%0a* [[Nat.Configure]] . . . @2024-07-13T16:13:34Z by [[~jrmu]]: [==]%0a* [[Profiles.Jrmu]] . . . @2024-07-13T05:55:06Z by [[~jrmu]]: [==]%0a* [[Jrmu.Bio]] . . . @2024-07-13T05:54:20Z by [[~jrmu]]: [==]%0a* [[Route.Static]] . . . @2024-07-12T14:28:06Z by [[~jrmu]]: [==]%0a* [[Wordpress.Install]] . . . @2024-07-08T01:02:48Z by [[~jrmu]]: [=merge changes from matt and mkf from openbsd/wordpress=]%0a* [[Openbsd.Wordpress]] . . . @2024-07-08T01:02:14Z by [[~jrmu]]: [==]%0a* [[Openssl.Cert]] . . . @2024-07-07T17:38:34Z by [[~jrmu]]: [==]%0a* [[Sshd.Chroot]] . . . @2024-07-05T15:54:11Z by [[~jrmu]]: [==]%0a* [[Openrsync.Chroot]] . . . @2024-07-04T06:00:51Z by [[~jrmu]]: [==]%0a* [[Openbsd.Loginconf]] . . . @2024-07-04T05:54:38Z by [[~jrmu]]: [==]%0a* [[Ssh.Chroot]] . . . @2024-07-04T05:42:21Z by [[~jrmu]]: [==]%0a* [[Rsync.Usage]] . . . @2024-07-04T05:21:34Z by [[~jrmu]]: [==]%0a* [[Openrsync.Usage]] . . . @2024-07-04T04:57:23Z by [[~jrmu]]: [==]%0a* [[Vps.Vps]] . . . @2024-07-01T01:20:12Z by [[~jrmu]]: [==]%0a* [[Gre.6in4vmm]] . . . @2024-06-30T15:57:13Z by [[~jrmu]]: [==]%0a* [[Gre.6in4]] . . . @2024-06-29T08:42:26Z by [[~jrmu]]: [==]%0a* [[Gre.6in4nat]] . . . @2024-06-29T05:50:45Z by [[~jrmu]]: [==]%0a* [[Openbsd.Identd]] . . . @2024-06-22T00:11:09Z by [[~jrmu]]: [==]%0a* [[Identd.Configure]] . . . @2024-06-22T00:10:57Z by [[~jrmu]]: [==]%0a* [[Buyvm.Routedsubnet]] . . . @2024-06-21T19:14:32Z by [[~jrmu]]: [==]%0a* [[Ircnow.Hosting]] . . . @2024-06-20T15:58:23Z by [[~jrmu]]: [==]%0a* [[Team.Team]] . . . @2024-06-20T15:57:03Z by [[~jrmu]]: [==]%0a* [[Password.Words]] . . . @2024-06-19T01:11:41Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Wifitoethernet]] . . . @2024-06-18T21:23:08Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Wifi]] . . . @2024-06-18T21:04:56Z by [[~jrmu]]: [==]%0a* [[Openbsd.BBB]] . . . @2024-06-18T16:13:57Z by [[~jrmu]]: [=Update version=]%0a* [[Sftp.Chroot]] . . . @2024-06-18T06:52:08Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Hostap]] . . . @2024-06-18T06:03:26Z by [[~jrmu]]: [==]%0a* [[Vlan.Configure]] . . . @2024-06-17T07:47:29Z by [[~jrmu]]: [==]%0a* [[Vmm.Plan9]] . . . @2024-06-16T06:28:55Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Vlan]] . . . @2024-06-14T21:55:43Z by [[~jrmu]]: [==]%0a* [[Freedom.Radio]] . . . @2024-06-12T17:45:33Z by [[~jrmu]]: [==]%0a* [[Sshd.Configure]] . . . @2024-06-12T00:43:49Z by [[~jrmu]]: [==]%0a* [[Team.Federation]] . . . @2024-06-11T04:59:07Z by [[~Yiming]]: [=update=]%0a* [[Opensmtpd.Inbox]] . . . @2024-06-09T17:27:48Z by [[~jrmu]]: [==]%0a* [[Openbsd.Pmwiki]] . . . @2024-06-09T07:24:14Z by [[~LohanG]]: [=Updated the current Pmwiki versoin =]%0a* [[Profiles.Xfnw]] . . . @2024-06-09T02:05:47Z by [[~xfnw]]: [==]%0a* [[Openbsd.Sysctl]] . . . @2024-06-08T22:23:31Z by [[~jrmu]]: [==]%0a* [[Cvsweb.Restore]] . . . @2024-06-08T16:40:18Z by [[~jrmu]]: [==]%0a* [[Shell.Cronjobs]] . . . @2024-06-06T17:56:05Z by [[~jrmu]]: [==]%0a* [[Cron.Suppressmail]] . . . @2024-06-06T17:55:41Z by [[~jrmu]]: [==]%0a* [[Ksh.History]] . . . @2024-06-06T17:00:05Z by [[~jrmu]]: [==]%0a* [[Ksh.Editor]] . . . @2024-06-06T16:28:18Z by [[~jrmu]]: [=Credit to mkf and Naglfar for writing parts of these guides=]%0a* [[Openbsd.Tcpdump]] . . . @2024-06-05T05:50:43Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Veb]] . . . @2024-06-04T07:44:16Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Vether]] . . . @2024-06-04T07:25:53Z by [[~jrmu]]: [==]%0a* [[MountNfs.Usage]] . . . @2024-06-03T09:52:35Z by [[~mkf]]: [==]%0a* [[Openhttpd.Hosting]] . . . @2024-06-02T00:45:01Z by [[~LohanG]]: [=corrected a link to httpd man page=]%0a* [[Hostnameif.Autoconf]] . . . @2024-06-01T23:39:30Z by [[~jrmu]]: [==]%0a* [[Rad.Configure]] . . . @2024-06-01T20:26:13Z by [[~jrmu]]: [==]%0a* [[Znc.Patch]] . . . @2024-06-01T16:45:30Z by [[~jrmu]]: [==]%0a* [[Ircnow.Adminforces]] . . . @2024-06-01T15:57:43Z by [[~jrmu]]: [==]%0a* [[Ircnow.Minutemin]] . . . @2024-06-01T15:57:28Z by [[~jrmu]]: [==]%0a* [[Route.Hostnameif]] . . . @2024-05-31T06:17:03Z by [[~jrmu]]: [==]%0a* [[Hostnameif.Static]] . . . @2024-05-30T23:03:07Z by [[~jrmu]]: [==]%0a* [[Unbound.LAN]] . . . @2024-05-30T13:02:25Z by [[~Posterdati]]: [==]%0a* [[Marketing.Recruit]] . . . @2024-05-29T12:39:26Z by [[~jrmu]]: [==]%0a* [[Ircnow.Team]] . . . @2024-05-29T12:08:42Z by [[~jrmu]]: [==]%0a* [[Ifconfig.Usage]] . . . @2024-05-29T11:30:14Z by [[~jrmu]]: [=thanks to mkf on August 02, 2021, at 12:59 PM=]%0a* [[Ifconfig.Ifconfig]] . . . @2024-05-29T11:29:55Z by [[~jrmu]]: [==]%0a* [[Donations.Donations]] . . . @2024-05-28T16:38:16Z by [[~jrmu]]: [==]%0a* [[Oidentd.Changeident]] . . . @2024-05-28T00:11:37Z by [[~jrmu]]: [==]%0a* [[Znc.Support]] . . . @2024-05-28T00:07:46Z by [[~jrmu]]: [==]%0a* [[Znc.Admin]] . . . @2024-05-28T00:06:29Z by [[~jrmu]]: [==]%0a* [[Minetest.Minetest]] . . . @2024-05-27T22:43:44Z by [[~jrmu]]: [==]%0a* [[Irc101.Irc101]] . . . @2024-05-27T22:41:28Z by [[~jrmu]]: [==]%0a* [[Dns.Troubleshooting]] . . . @2024-05-27T21:55:36Z by [[~jrmu]]: [==]%0a* [[Nsd.Troubleshoot]] . . . @2024-05-27T21:55:08Z by [[~jrmu]]: [==]%0a* [[Bgpd.Configure]] . . . @2024-05-27T21:44:19Z by [[~jrmu]]: [==]%0a* [[Route.Sourceaddr]] . . . @2024-05-22T23:31:46Z by [[~jrmu]]: [==]%0a* [[Hosts.Configure]] . . . @2024-05-21T07:59:04Z by [[~mkf]]: [=Promote what is in the base :)=]%0a* [[Openbsd.Ed]] . . . @2024-05-21T07:58:21Z by [[~mkf]]: [==]%0a* [[Ircnow.Hardware]] . . . @2024-05-19T21:48:37Z by [[~jrmu]]: [==]%0a* [[Oddprotocol.Hardware]] . . . @2024-05-19T21:45:29Z by [[~jrmu]]: [==]%0a* [[Bsdforall.Hardware]] . . . @2024-05-19T21:41:54Z by [[~jrmu]]: [==]%0a* [[Nastycode.Hardware]] . . . @2024-05-19T20:46:34Z by [[~jrmu]]: [==]%0a* [[Planetofnix.Hardware]] . . . @2024-05-19T20:45:03Z by [[~jrmu]]: [==]%0a* [[Marketing.Memes]] . . . @2024-05-16T18:05:04Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade75]] . . . @2024-05-11T06:39:58Z by [[~jrmu]]: [==]%0a* [[Ircnow.Services]] . . . @2024-05-10T16:12:29Z by [[~izzyb]]: [==]%0a* [[Openbsd.Biboumi]] . . . @2024-05-10T09:13:51Z by [[~mkf]]: [=udns doesn't seem to work in ircnow.org since upgrade to 7.5, i don't know why.=]%0a* [[Openbsd.Drawtermssh]] . . . @2024-05-10T07:08:07Z by [[~mkf]]: [==]%0a* [[OpenBSD.Iked]] . . . @2024-05-10T06:58:23Z by [[~mkf]]: [==]%0a* [[Openbsd.Dump]] . . . @2024-05-07T17:10:33Z by [[~jrmu]]: [==]%0a* [[Freedom.Homestead]] . . . @2024-05-06T05:49:56Z by [[~jrmu]]: [==]%0a* [[Openbsd.Restore]] . . . @2024-05-05T22:30:23Z by [[~jrmu]]: [==]%0a* [[Debate.Providers]] . . . @2024-05-04T04:13:44Z by [[~Yonle]]: [==]%0a* [[Openbsd.Prosody]] . . . @2024-05-02T13:20:46Z by [[~mkf]]: [==]%0a* [[DNS.MTA-STS]] . . . @2024-05-01T17:38:03Z by [[~jrmu]]: [==]%0a* [[Openbsd.Fstab]] . . . @2024-04-30T13:00:51Z by [[~mkf]]: [=mention ro=]%0a* [[Ffs.Intro]] . . . @2024-04-30T12:56:49Z by [[~mkf]]: [=hehe=]%0a* [[Gnus.Connect]] . . . @2024-04-30T12:31:49Z by [[~mkf]]: [==]%0a* [[Dovecot.Install]] . . . @2024-04-26T23:55:07Z by [[~sylv1a]]: [=fix find command to also lock down dirs=]%0a* [[Openbsd.Mlmmj]] . . . @2024-04-25T18:41:36Z by [[~izzyb]]: [==]%0a* [[Ln.Shell]] . . . @2024-04-24T16:07:14Z by [[~jrmu]]: [==]%0a* [[Mariadb.Install]] . . . @2024-04-13T18:06:28Z by [[~mkf]]: [==]%0a* [[Openbsd.Openbsd]] . . . @2024-04-13T18:02:19Z by [[~mkf]]: [==]%0a* [[Fics.Admin]] . . . @2024-04-12T19:01:58Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade75]] . . . @2024-04-11T20:42:45Z by [[~jrmu]]: [==]%0a* [[Ircnow.Milestones]] . . . @2024-04-11T19:29:33Z by [[~jrmu]]: [==]%0a* [[Ambassador.Markets]] . . . @2024-04-11T17:15:42Z by [[~jrmu]]: [==]%0a* [[Swapctl.Usage]] . . . @2024-04-11T07:06:24Z by [[~jrmu]]: [==]%0a* [[Disklabel.Usage]] . . . @2024-04-11T06:49:54Z by [[~jrmu]]: [==]%0a* [[Newfs.Usage]] . . . @2024-04-11T06:20:14Z by [[~jrmu]]: [==]%0a* [[Mount.Usage]] . . . @2024-04-11T06:19:40Z by [[~jrmu]]: [==]%0a* [[Fdisk.Usage]] . . . @2024-04-11T00:09:58Z by [[~jrmu]]: [==]%0a* [[Openbsd.Disklabel]] . . . @2024-04-10T23:43:12Z by [[~jrmu]]: [==]%0a* [[Disklabel.Partitioning]] . . . @2024-04-10T23:22:13Z by [[~jrmu]]: [==]%0a* [[Softraid.Install]] . . . @2024-04-09T23:30:49Z by [[~jrmu]]: [==]%0a* [[Softraid.Rebuild]] . . . @2024-04-09T21:56:59Z by [[~jrmu]]: [==]%0a* [[Openbsd.Backups]] . . . @2024-04-09T21:50:28Z by [[~jrmu]]: [==]%0a* [[Openbsd.Fdisk]] . . . @2024-04-09T21:33:33Z by [[~jrmu]]: [==]%0a* [[Openbsd.Psybnc]] . . . @2024-04-09T19:14:35Z by [[~jrmu]]: [==]%0a* [[Vmctl.Usage]] . . . @2024-04-09T05:30:55Z by [[~jrmu]]: [==]%0a* [[Vmm.Install]] . . . @2024-04-09T05:16:01Z by [[~jrmu]]: [==]%0a* [[Vmm.Intro]] . . . @2024-04-09T01:30:50Z by [[~jrmu]]: [==]%0a* [[Openssl.Check]] . . . @2024-04-08T20:30:49Z by [[~jrmu]]: [==]%0a* [[Openbsd.Snac]] . . . @2024-04-08T16:30:46Z by [[~Yonle]]: [==]%0a* [[Openbsd.Install75]] . . . @2024-04-07T22:53:36Z by [[~jrmu]]: [==]%0a* [[Openbsd.Install]] . . . @2024-04-07T22:28:53Z by [[~jrmu]]: [==]%0a* [[Atactl.Usage]] . . . @2024-04-07T10:57:16Z by [[~mkf]]: [=add sleep command=]%0a* [[Vmctl.Disk]] . . . @2024-04-06T23:08:15Z by [[~jrmu]]: [==]%0a* [[Vmctl.Reinstall]] . . . @2024-04-06T22:59:10Z by [[~jrmu]]: [==]%0a* [[Openbsd.Outofmemory]] . . . @2024-04-06T21:03:39Z by [[~jrmu]]: [==]%0a* [[Dmesg.Usage]] . . . @2024-04-06T20:15:54Z by [[~jrmu]]: [==]%0a* [[Openbsd.Dmesg]] . . . @2024-04-06T20:15:22Z by [[~jrmu]]: [==]%0a* [[Vps.Users]] . . . @2024-04-06T19:10:58Z by [[~Posterdati]]: [==]%0a* [[Profiles.Yiming]] . . . @2024-04-06T04:59:28Z by [[~Yiming]]: [=Create New Page=]%0a* [[Openbsd.Singleuser]] . . . @2024-04-03T23:51:20Z by [[~jrmu]]: [==]%0a* [[Hostname.Usage]] . . . @2024-04-03T23:38:15Z by [[~jrmu]]: [==]%0a* [[Openbsd.Hier]] . . . @2024-04-03T23:23:13Z by [[~jrmu]]: [==]%0a* [[Openbsd.Intro]] . . . @2024-04-03T20:32:26Z by [[~jrmu]]: [==]%0a* [[Dd.Iso]] . . . @2024-04-03T20:30:21Z by [[~jrmu]]: [==]%0a* [[Resolv.Conf]] . . . @2024-04-03T20:09:08Z by [[~jrmu]]: [==]%0a* [[Openbsd.Localtime]] . . . @2024-04-03T16:39:46Z by [[~jrmu]]: [==]%0a* [[Openbsd.Bootconf]] . . . @2024-04-03T07:35:48Z by [[~jrmu]]: [==]%0a* [[Chess.Chess]] . . . @2024-04-01T01:40:42Z by [[~maxxe]]: [==]%0a* [[Router.Hardware]] . . . @2024-03-31T23:16:50Z by [[~jrmu]]: [==]%0a* [[Sysop.Hardware]] . . . @2024-03-31T22:05:27Z by [[~jrmu]]: [==]%0a* [[Ircnow.Servers]] . . . @2024-03-31T21:59:17Z by [[~jrmu]]: [==]%0a* [[Bouncer.Thunderbird]] . . . @2024-03-30T12:51:26Z by [[~Yiming]]: [=Update=]%0a* [[Openbsd.Akkoma]] . . . @2024-03-25T04:31:17Z by [[~Yonle]]: [==]%0a* [[Openbsd.Pleroma]] . . . @2024-03-25T04:30:19Z by [[~Yonle]]: [==]%0a* [[Relayd.Wss]] . . . @2024-03-20T22:13:08Z by [[~jrmu]]: [=Thanks to miniontoby!=]%0a* [[OpenSSH.Connect]] . . . @2024-03-16T21:22:07Z by [[~jrmu]]: [==]%0a* [[Rcd.Configure]] . . . @2024-03-14T14:14:37Z by [[~geze]]: [==]%0a* [[Ngircd.Link]] . . . @2024-03-14T09:25:10Z by [[~geze]]: [==]%0a* [[Pf.Bittorrent]] . . . @2024-03-13T03:17:53Z by [[~jrmu]]: [==]%0a* [[Openbsd.Rcctl]] . . . @2024-03-09T18:16:03Z by [[~geze]]: [==]%0a* [[Openbsd.Ngircd]] . . . @2024-03-09T16:35:20Z by [[~geze]]: [==]%0a* [[Dns.Overview]] . . . @2024-02-20T00:38:00Z by [[~jrmu]]: [==]%0a* [[Bouncer.Erc]] . . . @2024-02-19T19:25:28Z by [[~kiliro]]: [=Add better format Summary: Add better formatin=]%0a* [[Openbsd.Icecast]] . . . @2024-02-12T17:38:08Z by [[~mkf]]: [=minor changes=]%0a* [[Cwm.Configure]] . . . @2024-02-10T20:34:56Z by [[~jrmu]]: [==]%0a* [[9.Drawterm]] . . . @2024-02-10T17:15:50Z by [[~jrmu]]: [==]%0a* [[Wsconsctl.Usage]] . . . @2024-02-10T06:50:02Z by [[~jrmu]]: [==]%0a* [[Irc.Easy]] . . . @2024-02-04T18:52:09Z by [[~jrmu]]: [==]%0a* [[Almanack.TheloungeWebircClient]] . . . @2024-02-01T13:39:12Z by [[~SplinTer]]: [==]%0a* [[Openbsd.Panic]] . . . @2024-01-20T22:18:08Z by [[~jrmu]]: [==]%0a* [[Openssh.Totp]] . . . @2024-01-16T07:17:39Z by [[~jrmu]]: [==]%0a* [[Unix101.Unix101]] . . . @2024-01-11T17:22:18Z by [[~jrmu]]: [==]%0a* [[Atheme.Install]] . . . @2024-01-01T15:24:17Z by [[~rahl]]: [=Atheme is written in C=]%0a* [[Rio.Customize]] . . . @2023-12-30T21:33:22Z by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade74]] . . . @2023-12-28T21:05:35Z by [[~jrmu]]: [==]%0a* [[Email.Lists]] . . . @2023-12-26T20:16:01Z by [[~jrmu]]: [==]%0a* [[Xboard.Connect]] . . . @2023-12-26T01:05:55Z by [[~jrmu]]: [==]%0a* [[I2Pd.Install]] . . . @2023-12-20T06:00:49Z by [[~Yonle]]: [==]%0a* [[9C.Exits]] . . . @2023-12-18T15:10:37Z by [[~mkf]]: [==]%0a* [[Openbsd.Bitlbee]] . . . @2023-12-18T10:06:57Z by [[~mkf]]: [==]%0a* [[9.Authsrv]] . . . @2023-12-18T09:11:44Z by [[~mkf]]: [=delete empty page=]%0a* [[Bouncer.Icechat]] . . . @2023-12-18T09:09:46Z by [[~mkf]]: [=remove duplicate article (see Bouncer.IceChat)=]%0a* [[Ircnow.SSHFingerprints]] . . . @2023-12-17T18:47:56Z by [[~jrmu]]: [==]%0a* [[Vmm.UbuntuIso]] . . . @2023-12-04T20:16:51Z by [[~jrmu]]: [==]%0a* [[Vmm.Sysupgrade]] . . . @2023-12-02T14:59:55Z by [[~jrmu]]: [==]%0a* [[Shelllabs.Openaccess]] . . . @2023-12-01T03:16:51Z by [[~hed0x]]: [==]%0a* [[Profiles.Tcache]] . . . @2023-11-30T02:41:15Z by [[~Tcache]]: [==]%0a* [[Openbsd.Wraith]] . . . @2023-11-25T18:49:17Z by [[~jrmu]]: [==]%0a* [[Openbsd.Host]] . . . @2023-11-24T22:51:07Z by [[~jrmu]]: [==]%0a* [[Hunchentoot.Install]] . . . @2023-11-24T19:50:41Z by [[~Posterdati]]: [==]%0a* [[Openbsd.Install73]] . . . @2023-11-18T05:32:17Z by [[~jrmu]]: [==]%0a* [[Openbsd.Install74]] . . . @2023-11-18T05:06:51Z by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade74]] . . . @2023-11-16T00:15:28Z by [[~jrmu]]: [==]%0a* [[Openbsd.Tcltls]] . . . @2023-11-06T20:19:24Z by [[~jrmu]]: [==]%0a* [[Olympics.Games]] . . . @2023-11-05T18:39:36Z by [[~jrmu]]: [==]%0a* [[Team.Security]] . . . @2023-11-04T18:45:38Z by [[~jrmu]]: [==]%0a* [[Linux.Reading]] . . . @2023-11-01T03:47:13Z by [[~jrmu]]: [==]%0a* [[Shelllabs.Tools]] . . . @2023-10-28T17:41:59Z by [[~hed0x]]: [==]%0a* [[Shelllabs.Intro]] . . . @2023-10-28T17:04:45Z by [[~redrum88]]: [==]%0a* [[Openbsd.PFStable]] . . . @2023-10-27T19:07:16Z by [[~sylv1a]]: [=Revise ICMP section in accordance with RFCs. Fix icmp6 syntax issue.=]%0a* [[Ircnow.Roadmap2024]] . . . @2023-10-23T03:33:27Z by [[~jrmu]]: [==]%0a* [[Ircnow.Roadmap]] . . . @2023-10-23T03:02:14Z by [[~jrmu]]: [==]%0a* [[DNS.DKIM]] . . . @2023-10-19T19:11:28Z by [[~sylv1a]]: [=Add this note here too (already present in DNS.Mail)=]%0a* [[DNS.Mail]] . . . @2023-10-19T19:09:57Z by [[~sylv1a]]: [=Change so _dkimsign is used for /etc/mail/dkim. _dovecot never needs to access that folder.=]%0a* [[Pmwiki.Replace]] . . . @2023-10-19T17:19:19Z by [[~sylv1a]]: [=Fix IndentationError, although the script seems to have other issues (blank output)=]%0a* [[Police.Intro]] . . . @2023-10-08T05:05:25Z by [[~jrmu]]: [==]%0a* [[Unbound.DNSSEC]] . . . @2023-10-08T02:32:13Z by [[~sylv1a]]: [=nitpick: Restart/Reload rather than Restart/reload=]%0a* [[Openbsd.Hopm-NowWithInit]] . . . @2023-10-07T05:20:56Z by [[~Maddie]]: [=[Minor]: Cleaned ansible code for more efficency.=]%0a* [[C.Cprimer]] . . . @2023-10-05T18:57:29Z by [[~jrmu]]: [==]%0a* [[Tor.Hidden]] . . . @2023-10-04T18:19:36Z by [[~sylv1a]]: [=Add authorization section for hidden services=]%0a* [[Dns.TroubleshootingDNS]] . . . @2023-10-03T06:23:08Z by [[~jrmu]]: [==]%0a* [[Openbsd.Anope]] . . . @2023-10-03T02:51:27Z by [[~jrmu]]: [==]%0a* [[9.Ramfs]] . . . @2023-09-27T15:43:55Z by [[~jrmu]]: [==]%0a* [[Ngircd.Loginconf]] . . . @2023-09-22T14:40:06Z by [[~Yonle]]: [=Probably need some revertion.=]%0a* [[Hosting.Providers]] . . . @2023-09-12T04:58:26Z by [[~jrmu]]: [==]%0a* [[Got.Repo]] . . . @2023-09-10T23:25:41Z by [[~jrmu]]: [==]%0a* [[Ircnow.Roadmap2023]] . . . @2023-09-06T07:48:43Z by [[~jrmu]]: [==]%0a* [[9.9pideas]] . . . @2023-09-03T18:58:43Z by [[~jrmu]]: [==]%0a* [[9.9gridchan]] . . . @2023-09-03T06:16:25Z by [[~jrmu]]: [==]%0a* [[9.Acmemail]] . . . @2023-09-01T18:05:18Z by [[~jrmu]]: [==]%0a* [[9.Account]] . . . @2023-09-01T17:09:51Z by [[~zleap]]: [==]%0a* [[9.Date]] . . . @2023-09-01T13:46:05Z by [[~jrmu]]: [==]%0a* [[9.Shell]] . . . @2023-08-27T18:52:33Z by [[~jrmu]]: [==]%0a* [[9.Why9]] . . . @2023-08-25T17:15:16Z by [[~jrmu]]: [==]%0a* [[9.Splinternet]] . . . @2023-08-24T02:31:30Z by [[~jrmu]]: [==]%0a* [[9.PKI]] . . . @2023-08-23T19:47:46Z by [[~jrmu]]: [==]%0a* [[9.IP]] . . . @2023-08-23T00:12:14Z by [[~jrmu]]: [==]%0a* [[9.Inter9]] . . . @2023-08-23T00:11:11Z by [[~jrmu]]: [==]%0a* [[9.Irc]] . . . @2023-08-22T14:15:24Z by [[~xfnw]]: [=spelling=]%0a* [[9.Rcpu]] . . . @2023-08-21T17:21:54Z by [[~jrmu]]: [==]%0a* [[9.FNS]] . . . @2023-08-19T17:30:06Z by [[~jrmu]]: [==]%0a* [[9.PNS]] . . . @2023-08-19T17:05:01Z by [[~jrmu]]: [==]%0a* [[Shelllabs.Reading]] . . . @2023-08-17T18:18:38Z by [[~jrmu]]: [==]%0a* [[9C.Intro]] . . . @2023-08-15T22:57:20Z by [[~mkf]]: [==]%0a* [[Hw.X230]] . . . @2023-08-15T12:46:43Z by [[~mkf]]: [==]%0a* [[9.Reading]] . . . @2023-08-14T02:37:46Z by [[~jrmu]]: [==]%0a* [[Netcat.Irc]] . . . @2023-08-07T01:37:18Z by [[~xfnw]]: [=correct (unused) USER parameters=]%0a* [[Openbsd.Sysupgrade71]] . . . @2023-07-27T20:09:43Z by [[~xfnw]]: [=using both -U and -u at the same time is pointless=]%0a* [[Profiles.Yonle]] . . . @2023-07-17T15:08:57Z by [[~Yonle]]: [==]%0a* [[Openbsd.ZNCModules]] . . . @2023-07-16T20:56:32Z by [[~izzyb]]: [=Added links to more modules=]%0a* [[Pbug.Bio]] . . . @2023-07-08T13:53:57Z by [[~pbug]]: [==]%0a* [[Vmm.DebianIso]] . . . @2023-07-05T19:58:36Z by [[~TheLion]]: [==]%0a* [[Certbot.Nginx]] . . . @2023-07-04T13:58:54Z by [[~Yonle]]: [==]%0a* [[Pf.Vpn]] . . . @2023-07-04T05:59:40Z by [[~jrmu]]: [==]%0a* [[Ircnow.Perl]] . . . @2023-07-02T21:08:34Z by [[~izzyb]]: [==]%0a* [[Shelllabs.Manifesto]] . . . @2023-07-02T18:39:22Z by [[~jrmu]]: [==]%0a* [[Vpn.VpnIos]] . . . @2023-07-01T21:21:46Z by [[~jrmu]]: [==]%0a* [[Terms.Terms]] . . . @2023-06-30T14:35:54Z by [[~jrmu]]: [==]%0a* [[Team.Announce]] . . . @2023-06-29T23:11:19Z by [[~jrmu]]: [==]%0a* [[Openbsd.Orangepi3lts]] . . . @2023-06-12T00:06:06Z by [[~jrmu]]: [==]%0a* [[Openbsd.Xenodm]] . . . @2023-06-11T16:30:39Z by [[~Posterdati]]: [=OpenBSD, xorg, xenodm, monitors=]%0a* [[Team.Welcome]] . . . @2023-06-10T15:37:17Z by [[~jrmu]]: [==]%0a* [[Ircnow.Education]] . . . @2023-06-10T06:13:37Z by [[~jrmu]]: [==]%0a* [[DNS.RDNS]] . . . @2023-06-10T05:27:27Z by [[~jacobk]]: [=fix link to Ipv6rdns=]%0a* [[Ngircd.Sins]] . . . @2023-06-09T20:20:11Z by [[~jrmu]]: [==]%0a* [[Ngircd.Bugs]] . . . @2023-06-09T19:46:55Z by [[~jrmu]]: [==]%0a* [[Jujube.Jujube]] . . . @2023-06-08T21:38:47Z by [[~Naglfar]]: [=Update domain name=]%0a* [[Ikiwiki.Install]] . . . @2023-06-07T22:48:44Z by [[~jrmu]]: [==]%0a* [[Shell.Limits]] . . . @2023-06-06T20:12:08Z by [[~jrmu]]: [==]%0a* [[Openbsd.Hopm]] . . . @2023-06-06T05:52:47Z by [[~Yonle]]: [==]%0a* [[Freedom.Universal]] . . . @2023-05-31T19:02:56Z by [[~jrmu]]: [==]%0a* [[Openbsd.Gnost-relay]] . . . @2023-05-31T10:53:55Z by [[~Yonle]]: [=There's a reason why i connect to IPv6 instead of IPv4=]%0a* [[Tmux.Config]] . . . @2023-05-29T03:16:54Z by [[~izzyb]]: [=cleanup and added instructions for changing tmux hotkey from ^b:=]%0a* [[Got.RemoteRepo]] . . . @2023-05-28T04:26:48Z by [[~izzyb]]: [==]%0a* [[Freedom.Privacy]] . . . @2023-05-22T19:09:22Z by [[~jrmu]]: [==]%0a* [[Psotnic.Install]] . . . @2023-05-22T16:03:20Z by [[~devune]]: [==]%0a* [[Vmm.DevuanIso]] . . . @2023-05-21T18:54:36Z by [[~pbug]]: [==]%0a* [[Ngircd.Ircnow]] . . . @2023-05-19T21:54:04Z by [[~izzyb]]: [=Setup to match Ianj's version.=]%0a* [[NewsNow.NewsNow]] . . . @2023-05-18T12:51:42Z by [[~miniontoby]]: [==]%0a* [[Nsd.Masterslave]] . . . @2023-05-18T10:44:43Z by [[~Naglfar]]: [==]%0a* [[Botnow.Install]] . . . @2023-05-09T19:17:22Z by [[~izzyb]]: [=added bots tag=]%0a* [[Bouncer.Ircrc]] . . . @2023-05-09T04:40:42Z by [[~jrmu]]: [==]%0a* [[WikiTips.Cookbooks]] . . . @2023-05-04T21:30:21Z by [[~izzyb]]: [==]%0a* [[Openbsd.MlmmjWebArchiver]] . . . @2023-05-04T00:33:10Z by [[~izzyb]]: [=Added missing instructions for installing mhonarc=]%0a* [[Bots.Basicbot]] . . . @2023-04-30T21:47:44Z by [[~izzyb]]: [=fixed missing ; in my $mod={}=]%0a* [[Bots.BasicbotWiki]] . . . @2023-04-30T02:59:37Z by [[~izzyb]]: [=Initial post=]%0a* [[Openhttpd.Perl]] . . . @2023-04-29T22:38:05Z by [[~izzyb]]: [==]%0a* [[Perl101.Perl101]] . . . @2023-04-29T22:34:22Z by [[~izzyb]]: [==]%0a* [[Tmux.Tmux]] . . . @2023-04-29T21:32:15Z by [[~izzyb]]: [=Initial wikigroup page with pagelist and links to other related tools=]%0a* [[Hardware.Ps2]] . . . @2023-04-28T08:01:37Z by [[~mkf]]: [==]%0a* [[Hardware.Ethernet]] . . . @2023-04-26T04:23:15Z by [[~mkf]]: [=importing this new found information, thanks cinap.=]%0a* [[9.Cheatsheet]] . . . @2023-04-26T04:06:46Z by [[~jrmu]]: [==]%0a* [[Mutt.Connect]] . . . @2023-04-23T20:19:43Z by [[~jrmu]]: [==]%0a* [[WikiTips.GroupsTagsCategories]] . . . @2023-04-22T16:12:01Z by [[~izzyb]]: [==]%0a* [[WikiTips.WikiFormatting]] . . . @2023-04-22T06:27:30Z by [[~izzyb]]: [==]%0a* [[WikiTips.WikiGroups]] . . . @2023-04-22T06:04:14Z by [[~izzyb]]: [==]%0a* [[WikiTips.WikiTips]] . . . @2023-04-22T05:11:04Z by [[~izzyb]]: [==]%0a* [[WikiTips.InterMap]] . . . @2023-04-22T04:41:45Z by [[~izzyb]]: [=Tips for using interMap links to other data sources=]%0a* [[Cherry.Cherry]] . . . @2023-04-22T03:53:28Z by [[~izzyb]]: [==]%0a* [[Botnow.Botnow]] . . . @2023-04-22T02:20:54Z by [[~izzyb]]: [==]%0a* [[Bouncer.Irssi]] . . . @2023-04-22T00:51:13Z by [[~izzyb]]: [==]%0a* [[Bots.Translator]] . . . @2023-04-21T15:29:21Z by [[~forero]]: [==]%0a* [[Course-unix100.Course-unix100]] . . . @2023-04-21T04:08:32Z by [[~izzyb]]: [==]%0a* [[Sylpheed.Connect]] . . . @2023-04-20T06:21:36Z by [[~initfree]]: [==]%0a* [[Eggdrop191.Install]] . . . @2023-04-19T16:03:48Z by [[~jrmu]]: [=updated version number=]%0a* [[WikiTips.Markup]] . . . @2023-04-19T04:01:20Z by [[~izzyb]]: [=Added notes on markdown cookbook=]%0a* [[OpenSSH.Keygen]] . . . @2023-04-19T00:30:11Z by [[~izzyb]]: [=softened the language on setting a passphrase to 'should set' instead of 'always set'=]%0a* [[Password.Schemes]] . . . @2023-04-17T20:46:42Z by [[~izzyb]]: [==]%0a* [[Openbsd.KnownIssues]] . . . @2023-04-10T22:02:38Z by [[~izzyb]]: [==]%0a* [[Fics.Install]] . . . @2023-04-08T01:47:11Z by [[~jrmu]]: [==]%0a* [[Chess.Limitsbot]] . . . @2023-04-02T01:49:23Z by [[~jrmu]]: [==]%0a* [[Relayd.TLSMulti]] . . . @2023-03-31T14:16:54Z by [[~jrmu]]: [==]%0a* [[Chess.Tournament]] . . . @2023-03-28T00:50:21Z by [[~jrmu]]: [==]%0a* [[Bots.Bots]] . . . @2023-03-25T04:16:10Z by [[~izzyb]]: [==]%0a* [[Eggdrop.Eggdrop]] . . . @2023-03-25T04:12:34Z by [[~izzyb]]: [==]%0a* [[Eggdrop.DuckHunt]] . . . @2023-03-25T04:11:04Z by [[~izzyb]]: [==]%0a* [[Eggdrop.BotZNC]] . . . @2023-03-25T04:10:26Z by [[~izzyb]]: [==]%0a* [[Eggdrop184.Install]] . . . @2023-03-25T04:04:13Z by [[~izzyb]]: [==]%0a* [[Bots.Botnow]] . . . @2023-03-24T17:57:43Z by [[~izzyb]]: [=Added redirect link for botnow=]%0a* [[9.9p]] . . . @2023-03-23T12:00:13Z by [[~mkf]]: [==]%0a* [[Openbsd.Upgrade72]] . . . @2023-03-22T02:48:07Z by [[~izzyb]]: [=Simple stub to upgrade68=]%0a* [[Openbsd.Upgrade69]] . . . @2023-03-22T02:45:25Z by [[~izzyb]]: [==]%0a* [[Openbsd.Upgrade71]] . . . @2023-03-22T01:24:24Z by [[~izzyb]]: [==]%0a* [[Openbsd.Upgrade70]] . . . @2023-03-22T01:23:31Z by [[~izzyb]]: [==]%0a* [[Openbsd.Upgrade68]] . . . @2023-03-22T01:19:01Z by [[~izzyb]]: [=Added drop screen definitions and info re sysupgrade=]%0a* [[Terms.Privacy]] . . . @2023-03-21T20:09:01Z by [[~mkf]]: [==]%0a* [[Eggdrop.TCLErorrWhileExecutingPackage]] . . . @2023-03-21T03:01:23Z by [[~GuardiaN]]: [==]%0a* [[Xmpp.Xmpp]] . . . @2023-03-20T16:59:36Z by [[~izzyb]]: [==]%0a* [[Letsencrypt.Expired]] . . . @2023-03-19T03:46:41Z by [[~xfnw]]: [=add command for counting certs=]%0a* [[Hardware.Psp]] . . . @2023-03-16T18:44:50Z by [[~mkf]]: [==]%0a* [[Cloud9p.Roadmap]] . . . @2023-03-16T09:29:23Z by [[~mkf]]: [==]%0a* [[Pgp.Create]] . . . @2023-03-13T14:54:27Z by [[~baytuch]]: [=Added export pub key=]%0a* [[OpenBSD.Cheatsheet]] . . . @2023-03-12T09:52:16Z by [[~Yonle]]: [==]%0a* [[9front.Netsurf]] . . . @2023-03-10T15:08:21Z by [[~Yonle]]: [==]%0a* [[Dovecot.SharedMailboxes]] . . . @2023-03-10T14:16:57Z by [[~izzyb]]: [==]%0a* [[Squirrelmail.Install]] . . . @2023-03-10T00:33:25Z by [[~pos]]: [==]%0a* [[FreeIRC.About]] . . . March 05, 2023, at 03:51 PM by [[~kilroy]]: [==]%0a* [[Openbsd.OpenTracker]] . . . March 03, 2023, at 04:37 PM by [[~baytuch]]: [==]%0a* [[Oidentd.ZNC]] . . . February 28, 2023, at 02:34 AM by [[~jrmu]]: [==]%0a* [[Stagit.Install]] . . . February 26, 2023, at 05:24 PM by [[~fossdev]]: [==]%0a* [[Oidentd.Install]] . . . February 26, 2023, at 01:59 AM by [[~jrmu]]: [=Revert erroneous change=]%0a* [[Baytuch.Bio]] . . . February 17, 2023, at 12:00 PM by [[~baytuch]]: [==]%0a* [[Openbsd.Plermoa]] . . . February 16, 2023, at 04:52 AM by [[~Yonle]]: [=Redirect=]%0a* [[Akkoma.Install]] . . . February 09, 2023, at 12:49 PM by [[~Yonle]]: [==]%0a* [[Google.Sins]] . . . February 08, 2023, at 05:13 AM by [[~Yonle]]: [==]%0a* [[Debate.Googledanger]] . . . February 08, 2023, at 05:01 AM by [[~Yonle]]: [==]%0a* [[Debate.Outreachkids]] . . . February 08, 2023, at 04:34 AM by [[~Yonle]]: [==]%0a* [[Openbsd.Mosh]] . . . February 07, 2023, at 11:30 AM by [[~Yonle]]: [==]%0a* [[Route.Usage]] . . . February 06, 2023, at 02:38 PM by [[~mkf]]: [==]%0a* [[Mkf.Wikiv1]] . . . February 06, 2023, at 02:31 PM by [[~mkf]]: [==]%0a* [[Debate.Openweb]] . . . February 06, 2023, at 02:15 PM by [[~Yonle]]: [==]%0a* [[Debate.Youtubedanger]] . . . February 06, 2023, at 02:10 PM by [[~Yonle]]: [==]%0a* [[Paster.Install]] . . . February 06, 2023, at 10:22 AM by [[~mkf]]: [==]%0a* [[Anope.Install]] . . . February 06, 2023, at 09:46 AM by [[~mkf]]: [==]%0a* [[Password.Hashes]] . . . February 04, 2023, at 07:27 AM by [[~izzyb]]: [=formatting fixes=]%0a* [[Chess.Chessgogi]] . . . February 04, 2023, at 03:49 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Passwords]] . . . February 03, 2023, at 07:49 PM by [[~izzyb]]: [==]%0a* [[Password.Management]] . . . February 03, 2023, at 07:44 PM by [[~izzyb]]: [==]%0a* [[DNS.Ipv4rDNS]] . . . February 01, 2023, at 08:31 PM by [[~izzyb]]: [=added note to clarify what address needs to be specified.=]%0a* [[Dovecot.SharedFolders]] . . . January 31, 2023, at 06:03 AM by [[~izzyb]]: [=renaming to sharedMailboxes=]%0a* [[Soju.Install]] . . . January 24, 2023, at 11:29 AM by [[~mkf]]: [=minor changes on style=]%0a* [[Lilywhitebot.Install]] . . . January 24, 2023, at 11:23 AM by [[~mkf]]: [==]%0a* [[SendMoneyToSplinter0616Outlook.Com]] . . . January 24, 2023, at 11:19 AM by [[~mkf]]: [==]%0a* [[Biboumi.Install]] . . . January 20, 2023, at 08:10 PM by [[~mkf]]: [==]%0a* [[Texlive.Install]] . . . January 20, 2023, at 08:05 PM by [[~mkf]]: [==]%0a* [[Rcctl.Rcctl]] . . . January 20, 2023, at 08:00 PM by [[~mkf]]: [==]%0a* [[Hopm.Install]] . . . January 20, 2023, at 07:32 PM by [[~mkf]]: [==]%0a* [[Openbsd.Unrealircd]] . . . January 20, 2023, at 07:27 PM by [[~mkf]]: [==]%0a* [[Unrealircd.Install]] . . . January 20, 2023, at 07:24 PM by [[~mkf]]: [==]%0a* [[Pleroma.Install]] . . . January 20, 2023, at 07:18 PM by [[~mkf]]: [==]%0a* [[Gomuks.Install]] . . . January 20, 2023, at 07:08 PM by [[~mkf]]: [==]%0a* [[Gotweb.Install]] . . . January 20, 2023, at 07:02 PM by [[~mkf]]: [==]%0a* [[Webnews.Install]] . . . January 20, 2023, at 06:57 PM by [[~mkf]]: [==]%0a* [[Php.Install]] . . . January 20, 2023, at 06:52 PM by [[~mkf]]: [==]%0a* [[Mlmmj.Install]] . . . January 20, 2023, at 06:48 PM by [[~mkf]]: [==]%0a* [[Fiche.Install]] . . . January 20, 2023, at 06:44 PM by [[~mkf]]: [==]%0a* [[Prosody.Install]] . . . January 20, 2023, at 06:42 PM by [[~mkf]]: [==]%0a* [[Bitlbee.Install]] . . . January 20, 2023, at 06:36 PM by [[~mkf]]: [==]%0a* [[TigerVNC.Install]] . . . January 20, 2023, at 06:30 PM by [[~mkf]]: [==]%0a* [[NodeJS.Install]] . . . January 20, 2023, at 06:27 PM by [[~mkf]]: [==]%0a* [[Pmwiki.Install]] . . . January 20, 2023, at 06:19 PM by [[~mkf]]: [==]%0a* [[Xfce.Install]] . . . January 20, 2023, at 06:17 PM by [[~mkf]]: [==]%0a* [[Ngircd.Install]] . . . January 20, 2023, at 06:08 PM by [[~mkf]]: [==]%0a* [[Openbsd.Vipw]] . . . January 18, 2023, at 11:01 PM by [[~zen]]: [=added two spaces=]%0a* [[Grep.Usage]] . . . January 18, 2023, at 10:54 PM by [[~zen]]: [==]%0a* [[Team.Networks]] . . . January 12, 2023, at 06:36 PM by [[~kilroy]]: [=Updated Sturtz IRC=]%0a* [[Znc.Install]] . . . January 07, 2023, at 11:58 PM by [[~jrmu]]: [==]%0a* [[Rspamd.Configure]] . . . January 03, 2023, at 04:55 PM by [[~mkf]]: [==]%0a* [[Dovecot.Pigeonhole]] . . . December 30, 2022, at 04:24 PM by [[~mkf]]: [=style 2=]%0a* [[Openbsd.Quota]] . . . December 29, 2022, at 06:51 PM by [[~mkf]]: [==]%0a* [[Profiles.Miniontoby]] . . . December 26, 2022, at 07:26 PM by [[~miniontoby]]: [=Created=]%0a* [[Openbsd.Minetest]] . . . December 26, 2022, at 07:23 PM by [[~miniontoby]]: [=Added more ways to install=]%0a* [[Splinter0616Outlook.Com]] . . . December 25, 2022, at 02:37 AM by [[~SplinTer]]: [==]%0a* [[Ngircd.Oper]] . . . December 25, 2022, at 12:03 AM by [[~forero]]: [==]%0a* [[Openbsd.Honk]] . . . December 17, 2022, at 08:45 AM by [[~Yonle]]: [==]%0a* [[Yonle.Bio]] . . . December 13, 2022, at 05:18 PM by [[~Yonle]]: [==]%0a* [[Camping.Gear]] . . . December 12, 2022, at 04:39 AM by [[~jrmu]]: [==]%0a* [[Vhost.Vhost]] . . . December 12, 2022, at 03:36 AM by [[~xfnw]]: [==]%0a* [[Vhost.Ircnow]] . . . December 12, 2022, at 03:13 AM by [[~xfnw]]: [=ircfree.com is not an ircnow domain=]%0a* [[I2Pd.Tunnels]] . . . December 06, 2022, at 02:52 PM by [[~Yonle]]: [=There we go. =]%0a* [[I2pd.Tunnels]] . . . December 06, 2022, at 02:45 PM by [[~Yonle]]: [==]%0a* [[Unwind.Configure]] . . . November 26, 2022, at 09:23 PM by [[~akoizumi]]: [=add unwind=]%0a* [[Debian.Install]] . . . November 13, 2022, at 11:43 AM by [[~suzerain]]: [=writing=]%0a* [[Lemon.Lemon]] . . . November 10, 2022, at 01:48 PM by [[~mkf]]: [==]%0a* [[Bouncer.JmIRC]] . . . November 04, 2022, at 06:18 PM by [[~baytuch]]: [=Added screenshots about setup=]%0a* [[Bouncer.XChat]] . . . October 16, 2022, at 11:09 PM by [[~xfnw]]: [=XChat is unmaintained=]%0a* [[Eggdrop.VHost]] . . . October 02, 2022, at 01:05 PM by [[~sulieztya]]: [==]%0a* [[Eggdrop.VhostTCL]] . . . October 02, 2022, at 07:06 AM by [[~sulieztya]]: [==]%0a* [[He.IPv6Certification]] . . . September 16, 2022, at 05:32 PM by [[~xfnw]]: [=create page=]%0a* [[Shelllabs.Education]] . . . September 14, 2022, at 07:30 PM by [[~jrmu]]: [==]%0a* [[About.AboutUs]] . . . September 13, 2022, at 06:42 PM by [[~zleap]]: [==]%0a* [[LegalAndSafety.LegalAndSafety]] . . . September 13, 2022, at 05:19 PM by [[~zleap]]: [==]%0a* [[LegalAndSafety.LegalAmpSafety]] . . . September 13, 2022, at 05:17 PM by [[~zleap]]: [==]%0a* [[LegalAmpSafety.Subheading]] . . . September 13, 2022, at 05:15 PM by [[~zleap]]: [==]%0a* [[Acmesh.Configure]] . . . September 11, 2022, at 06:03 PM by [[~akoizumi]]: [=Added acme.sh (currently a WIP)=]%0a* [[Dehydrated.Configure]] . . . September 11, 2022, at 02:52 PM by [[~akoizumi]]: [=Add dehydrated=]%0a* [[Profiles.Izzyb]] . . . September 11, 2022, at 06:28 AM by [[~izzyb]]: [==]%0a* [[Site.EditForm]] . . . September 11, 2022, at 06:22 AM by [[~izzyb]]: [=Make Author none editable field=]%0a* [[Openbsd.Geomyidae]] . . . September 10, 2022, at 02:31 AM by [[~akoizumi]]: [==]%0a* [[Openbsd.INN]] . . . September 10, 2022, at 02:23 AM by [[~akoizumi]]: [=Fix some types=]%0a* [[Heading.Subheading]] . . . September 07, 2022, at 07:23 PM by [[~zleap]]: [==]%0a* [[Eggdrop193.Install]] . . . September 07, 2022, at 04:48 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Pioneer]] . . . August 14, 2022, at 05:06 AM by [[~jrmu]]: [==]%0a* [[Openbsd.VsFTP]] . . . August 10, 2022, at 03:18 PM by [[~mkf]]: [=snipped unneeded output=]%0a* [[C.Scanf]] . . . August 10, 2022, at 09:51 AM by [[~mkf]]: [==]%0a* [[Orange.CertsReissue]] . . . August 08, 2022, at 05:35 AM by [[~baytuch]]: [==]%0a* [[Pgp.Upload]] . . . August 01, 2022, at 01:21 PM by [[~jan6]]: [=keys.openpgp.org uses a superior implementation, less vulnerable to various issues=]%0a* [[Lemon.Packages]] . . . July 30, 2022, at 07:52 PM by [[~mkf]]: [==]%0a* [[Netizen.Ellisisland]] . . . July 27, 2022, at 07:05 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Newdeal]] . . . July 27, 2022, at 06:55 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Daughtersofliberty]] . . . July 27, 2022, at 06:45 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Womenstem]] . . . July 21, 2022, at 05:59 PM by [[~jrmu]]: [==]%0a* [[Eggdrop.RC]] . . . July 20, 2022, at 06:55 PM by [[~baytuch]]: [==]%0a* [[Opensmtpd.Troubleshoot]] . . . July 20, 2022, at 03:58 PM by [[~jlj]]: [=Added notes about how I resolved the first two errors, on nastycode=]%0a* [[Eggdrop.Nickserv]] . . . July 19, 2022, at 10:05 AM by [[~baytuch]]: [==]%0a* [[Iked.Linuxstrongswan]] . . . July 03, 2022, at 11:29 PM by [[~jrmu]]: [==]%0a* [[Acme-client.AutoRenew]] . . . July 03, 2022, at 11:50 AM by [[~mkf]]: [==]%0a* [[Openbsd.Apmd]] . . . July 03, 2022, at 11:36 AM by [[~mkf]]: [==]%0a* [[Ircnow.Roadmap2022]] . . . July 03, 2022, at 11:04 AM by [[~mkf]]: [==]%0a* [[Vpn.Myipaddress]] . . . June 30, 2022, at 09:51 PM by [[~jrmu]]: [==]%0a* [[Unbound.Blacklists]] . . . June 25, 2022, at 06:02 AM by [[~jrmu]]: [==]%0a* [[Iked.Linux]] . . . June 23, 2022, at 07:10 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Nsf]] . . . June 20, 2022, at 05:05 PM by [[~jrmu]]: [==]%0a* [[Debate.Debate]] . . . June 19, 2022, at 04:12 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Metrics]] . . . June 19, 2022, at 04:12 PM by [[~jrmu]]: [==]%0a* [[Dns.Records]] . . . June 19, 2022, at 05:44 AM by [[~jrmu]]: [==]%0a* [[Vmm.Alpine]] . . . June 13, 2022, at 05:42 PM by [[~fossdev]]: [==]%0a* [[Vmm.Arch]] . . . June 12, 2022, at 04:11 PM by [[~g1n]]: [=Added article about Arch Linux setup on VMM=]%0a* [[Unveil.Intro]] . . . June 12, 2022, at 12:40 AM by [[~jrmu]]: [==]%0a* [[Pledge.Intro]] . . . June 12, 2022, at 12:39 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Bsdrd]] . . . June 09, 2022, at 07:17 AM by [[~jrmu]]: [==]%0a* [[Vnc.Vnc]] . . . June 08, 2022, at 04:04 PM by [[~miniontoby]]: [=Added RealVNC Viewer to the list (might need some more extra stuff, but yeah its fine)=]%0a* [[Openbsd.Growfs]] . . . June 01, 2022, at 12:34 AM by [[~jrmu]]: [==]%0a* [[Hostnameif.Static-v2]] . . . May 23, 2022, at 06:29 AM by [[~theguest]]: [==]%0a* [[Grape.Minetest]] . . . May 10, 2022, at 10:48 AM by [[~baytuch]]: [==]%0a* [[Irc.Emoji]] . . . May 10, 2022, at 10:23 AM by [[~baytuch]]: [==]%0a* [[Openbsd.Nsd]] . . . May 10, 2022, at 12:33 AM by [[~jrmu]]: [==]%0a* [[Opsofliberty.Bootcamp]] . . . May 09, 2022, at 08:38 AM by [[~mkf]]: [==]%0a* [[Openbsd.Ports]] . . . May 09, 2022, at 05:54 AM by [[~mkf]]: [==]%0a* [[Ngircd.Ssl]] . . . May 08, 2022, at 03:30 PM by [[~miniontoby]]: [=fixed the text=]%0a* [[Codeforce.Training]] . . . May 03, 2022, at 03:02 AM by [[~jrmu]]: [==]%0a* [[Civics.Intro]] . . . May 03, 2022, at 01:06 AM by [[~jrmu]]: [==]%0a* [[OpenBSD.EdgeRouter-Lite]] . . . April 28, 2022, at 02:50 PM by [[~pufferf]]: [==]%0a* [[Math.Reading]] . . . April 27, 2022, at 08:23 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install71]] . . . April 24, 2022, at 09:55 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Botnow]] . . . April 24, 2022, at 06:14 AM by [[~jrmu]]: [==]%0a* [[Buyvm.Ipv6]] . . . April 24, 2022, at 06:10 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.Rss]] . . . April 23, 2022, at 04:20 PM by [[~jrmu]]: [==]%0a* [[Team.Testing]] . . . April 20, 2022, at 09:45 PM by [[~jrmu]]: [==]%0a* [[Dns.Registrars]] . . . April 20, 2022, at 09:30 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Gopher]] . . . April 20, 2022, at 08:29 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Adduser]] . . . April 20, 2022, at 08:07 PM by [[~jrmu]]: [==]%0a* [[Signify.Verify]] . . . April 20, 2022, at 06:24 PM by [[~jrmu]]: [==]%0a* [[Almanack.Route]] . . . April 20, 2022, at 06:23 AM by [[~jrmu]]: [==]%0a* [[Ntpd.Configure]] . . . April 20, 2022, at 06:17 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ntpd]] . . . April 20, 2022, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmmlinux]] . . . April 20, 2022, at 05:33 AM by [[~jrmu]]: [==]%0a* [[Vmm.Linux]] . . . April 20, 2022, at 05:33 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Iked]] . . . April 20, 2022, at 05:16 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Team]] . . . April 20, 2022, at 04:54 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Networks]] . . . April 19, 2022, at 04:22 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Announce]] . . . April 19, 2022, at 04:14 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Ally]] . . . April 19, 2022, at 04:11 PM by [[~jrmu]]: [==]%0a* [[Openhttpd.Chroot]] . . . April 19, 2022, at 04:05 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install70]] . . . April 19, 2022, at 06:52 AM by [[~jrmu]]: [==]%0a* [[CodeForce.Bootcamp]] . . . April 19, 2022, at 06:29 AM by [[~jrmu]]: [==]%0a* [[Vmm.Vmm]] . . . April 15, 2022, at 12:20 PM by [[~Naglfar]]: [=Update: report from PiRATA=]%0a* [[Minutemin.Minutemin]] . . . April 06, 2022, at 02:55 AM by [[~jrmu]]: [==]%0a* [[Openhttpd.CGI]] . . . April 05, 2022, at 04:22 PM by [[~gtlsgamr]]: [==]%0a* [[Openbsd.Censord]] . . . April 05, 2022, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dns]] . . . April 05, 2022, at 05:24 AM by [[~jrmu]]: [==]%0a* [[Debate.Zncflaws]] . . . April 05, 2022, at 05:18 AM by [[~jrmu]]: [==]%0a* [[Debate.Debiandanger]] . . . April 04, 2022, at 04:30 AM by [[~jrmu]]: [==]%0a* [[Soju.Guide]] . . . April 02, 2022, at 03:46 PM by [[~Yonle]]: [==]%0a* [[Nitter.Install]] . . . April 02, 2022, at 01:08 AM by [[~fallback]]: [=first nitter install page=]%0a* [[Debiankaios.Bio]] . . . April 01, 2022, at 05:10 PM by [[~debiankaios]]: [==]%0a* [[Chess.Reading]] . . . March 29, 2022, at 10:02 PM by [[~jrmu]]: [==]%0a* [[Irc.Services]] . . . March 25, 2022, at 04:29 AM by [[~jrmu]]: [==]%0a* [[Syslogd.Configure]] . . . March 25, 2022, at 04:07 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ddos]] . . . March 24, 2022, at 04:22 PM by [[~jrmu]]: [==]%0a* [[Ddos.Intro]] . . . March 24, 2022, at 04:22 PM by [[~jrmu]]: [==]%0a* [[Bouncer.ZNC]] . . . March 19, 2022, at 07:31 AM by [[~fallback]]: [==]%0a* [[ISCABBS.DownloadingAndInstalling]] . . . March 15, 2022, at 10:42 PM by [[~Mandarax]]: [==]%0a* [[ISCABBS.ISCABBS]] . . . March 15, 2022, at 09:24 PM by [[~Mandarax]]: [==]%0a* [[Unix.History]] . . . March 14, 2022, at 06:07 PM by [[~jrmu]]: [==]%0a* [[Unix.Exhibit]] . . . March 13, 2022, at 11:37 PM by [[~jrmu]]: [==]%0a* [[Debate.Dogfooding]] . . . March 10, 2022, at 05:14 AM by [[~jrmu]]: [==]%0a* [[Doxing.Defense]] . . . March 05, 2022, at 08:54 PM by [[~jrmu]]: [==]%0a* [[Mlmmj-archivist.Install]] . . . March 03, 2022, at 05:26 AM by [[~error]]: [==]%0a* [[Openbsd.IRCBridge]] . . . February 28, 2022, at 02:59 AM by [[~suzerain]]: [==]%0a* [[Unix101.Vi]] . . . February 27, 2022, at 08:16 PM by [[~jrmu]]: [==]%0a* [[Vi.Intro]] . . . February 27, 2022, at 04:16 PM by [[~Limits]]: [=Add Introduction to Vi=]%0a* [[Irc201.Irc201]] . . . February 27, 2022, at 04:21 AM by [[~suzerain]]: [==]%0a* [[9.Ideas]] . . . February 23, 2022, at 05:19 PM by [[~mkf]]: [==]%0a* [[Main.WikiSandbox]] . . . February 22, 2022, at 11:05 PM by [[~mkf]]: [==]%0a* [[Openbsd.Wesnothd]] . . . February 21, 2022, at 06:28 AM by [[~mkf]]: [=Wesnothd=]%0a* [[9.Audio]] . . . February 20, 2022, at 08:07 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Xonotic]] . . . February 20, 2022, at 07:43 AM by [[~mkf]]: [=A xonotic server has apperad! pt.2=]%0a* [[PuTTY.PuTTYgen]] . . . February 16, 2022, at 05:24 AM by [[~jrmu]]: [==]%0a* [[Debate.Ircnowd]] . . . February 14, 2022, at 06:24 PM by [[~jrmu]]: [==]%0a* [[Stopm.Stopm]] . . . February 14, 2022, at 06:16 PM by [[~jrmu]]: [==]%0a* [[Police.Fingerprints]] . . . February 12, 2022, at 02:09 PM by [[~xfnw]]: [=ip addresses should be sorted with sort -V=]%0a* [[Openbsd.Police]] . . . February 10, 2022, at 07:36 PM by [[~jrmu]]: [==]%0a* [[Dns.Dns]] . . . February 10, 2022, at 07:39 AM by [[~nixdork]]: [=Fix typo=]%0a* [[Dns.BindResolver]] . . . February 10, 2022, at 07:30 AM by [[~nixdork]]: [=First draft of bind resolver howto=]%0a* [[Botnow.SqliteViews]] . . . February 10, 2022, at 02:00 AM by [[~xfnw]]: [==]%0a* [[AncientWisdom.Bio]] . . . February 07, 2022, at 01:18 PM by [[~AncientWisdom]]: [==]%0a* [[Minutemin.Server]] . . . February 05, 2022, at 08:14 AM by [[~jrmu]]: [==]%0a* [[Vmm.SlackwareIso]] . . . February 03, 2022, at 10:53 PM by [[~Naglfar]]: [=Slackware 15.0 x86 stable is released=]%0a* [[Duplicity.Usage]] . . . February 02, 2022, at 10:31 AM by [[~jrmu]]: [==]%0a* [[Openssl.Encryptfile]] . . . February 02, 2022, at 09:29 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Tcpip]] . . . January 24, 2022, at 05:45 PM by [[~jrmu]]: [==]%0a* [[Synclient.Configure]] . . . January 24, 2022, at 06:02 AM by [[~jrmu]]: [==]%0a* [[9.Install]] . . . January 22, 2022, at 06:57 AM by [[~mkf]]: [==]%0a* [[Asterisk.Install]] . . . January 19, 2022, at 05:34 AM by [[~jrmu]]: [==]%0a* [[9.Ndb]] . . . January 16, 2022, at 06:46 PM by [[~mkf]]: [==]%0a* [[Openbsd.U9fs]] . . . January 16, 2022, at 06:23 PM by [[~mkf]]: [==]%0a* [[Dns.FQDN]] . . . January 15, 2022, at 10:16 PM by [[~jrmu]]: [==]%0a* [[Nsd.DNSSec]] . . . January 14, 2022, at 02:53 AM by [[~pyr3x]]: [==]%0a* [[Openbsd.Locale]] . . . January 12, 2022, at 01:23 PM by [[~baytuch]]: [==]%0a* [[Ksh.Autocomplete]] . . . January 11, 2022, at 01:44 PM by [[~miniontoby]]: [=updated url=]%0a* [[Gpg.Verify]] . . . January 08, 2022, at 09:48 PM by [[~Naglfar]]: [=Add description=]%0a* [[Mlmmj.Archive]] . . . January 06, 2022, at 10:52 PM by [[~Hawk]]: [==]%0a* [[9.Hostowner]] . . . January 06, 2022, at 11:29 AM by [[~mkf]]: [==]%0a* [[Ircnow.Dogfood]] . . . January 06, 2022, at 08:48 AM by [[~jrmu]]: [==]%0a* [[9.Chording]] . . . January 03, 2022, at 02:40 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Status]] . . . January 03, 2022, at 06:06 AM by [[~jrmu]]: [==]%0a* [[Census.Census]] . . . January 02, 2022, at 11:27 AM by [[~jrmu]]: [==]%0a* [[Bncnow.Bncnow]] . . . January 02, 2022, at 11:18 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Projects]] . . . January 02, 2022, at 11:09 AM by [[~jrmu]]: [==]%0a* [[Ircfs.Intro]] . . . January 02, 2022, at 10:49 AM by [[~jrmu]]: [==]%0a* [[Ircnowd.Ircnowd]] . . . January 02, 2022, at 06:32 AM by [[~jrmu]]: [==]%0a* [[Marketing.Marketing]] . . . January 02, 2022, at 06:20 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Sonsofliberty]] . . . January 02, 2022, at 06:06 AM by [[~jrmu]]: [==]%0a* [[Pkgadd.CheckUpdates]] . . . January 01, 2022, at 04:29 AM by [[~pyr3x]]: [==]%0a* [[Ircnow.Roadmap2021]] . . . December 30, 2021, at 06:31 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Sftp]] . . . December 30, 2021, at 06:01 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Status2022]] . . . December 30, 2021, at 05:35 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.UTF8]] . . . December 28, 2021, at 08:21 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Uim]] . . . December 26, 2021, at 01:45 AM by [[~jrmu]]: [==]%0a* [[Sshwifty.Install]] . . . December 23, 2021, at 02:49 PM by [[~miniontoby]]: [=created=]%0a* [[Nsd.Zone]] . . . December 23, 2021, at 10:33 AM by [[~jrmu]]: [==]%0a* [[OpenSSH.RSAkeys]] . . . December 22, 2021, at 03:18 PM by [[~miniontoby]]: [==]%0a* [[Openbsd.Wifi]] . . . December 22, 2021, at 02:59 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Recordaudio]] . . . December 22, 2021, at 01:24 PM by [[~jrmu]]: [==]%0a* [[9.9]] . . . December 22, 2021, at 11:30 AM by [[~xfnw]]: [=fix some grammatical errors=]%0a* [[Parec.Record]] . . . December 22, 2021, at 07:02 AM by [[~jrmu]]: [==]%0a* [[Sox.Concat]] . . . December 22, 2021, at 07:01 AM by [[~jrmu]]: [==]%0a* [[Ffmpeg.Recordscreen]] . . . December 22, 2021, at 07:00 AM by [[~jrmu]]: [==]%0a* [[JuiceSSH.Connect]] . . . December 20, 2021, at 01:03 PM by [[~jrmu]]: [==]%0a* [[9.Independent]] . . . December 20, 2021, at 12:47 PM by [[~jrmu]]: [==]%0a* [[MacScreenSharing.Connect]] . . . December 20, 2021, at 11:57 AM by [[~jrmu]]: [==]%0a* [[9.Partdisk]] . . . December 20, 2021, at 11:39 AM by [[~jrmu]]: [==]%0a* [[Got.Usage]] . . . December 17, 2021, at 04:44 PM by [[~jrmu]]: [==]%0a* [[Irc.Federation]] . . . December 17, 2021, at 02:03 PM by [[~jrmu]]: [==]%0a* [[Irc.Chanop]] . . . December 14, 2021, at 04:58 AM by [[~mkf]]: [==]%0a* [[9.Todo]] . . . December 03, 2021, at 07:52 PM by [[~mkf]]: [==]%0a* [[Pylink.Chroot]] . . . December 02, 2021, at 02:03 PM by [[~jrmu]]: [==]%0a* [[Pylink.Install]] . . . December 02, 2021, at 02:02 PM by [[~jrmu]]: [==]%0a* [[Jrmu.Marriage]] . . . December 02, 2021, at 06:09 AM by [[~jrmu]]: [==]%0a* [[Hosting.Hosting]] . . . December 01, 2021, at 02:01 PM by [[~jrmu]]: [==]%0a* [[Mc.Usage]] . . . November 29, 2021, at 07:53 PM by [[~mkf]]: [==]%0a* [[PuTTY.Connect]] . . . November 29, 2021, at 12:13 PM by [[~jrmu]]: [==]%0a* [[Texlive.Sinhala]] . . . November 28, 2021, at 06:35 AM by [[~jrmu]]: [==]%0a* [[MailWindows.Connect]] . . . November 27, 2021, at 03:12 PM by [[~jrmu]]: [==]%0a* [[Gajim.Biboumi]] . . . November 27, 2021, at 01:02 PM by [[~jrmu]]: [==]%0a* [[Mcabber.Connect]] . . . November 26, 2021, at 01:38 PM by [[~jrmu]]: [==]%0a* [[ChatSecure.Connect]] . . . November 26, 2021, at 11:36 AM by [[~jrmu]]: [==]%0a* [[9.9pfs]] . . . November 24, 2021, at 02:00 PM by [[~mkf]]: [==]%0a* [[Vmm.DebianInstall]] . . . November 24, 2021, at 11:44 AM by [[~nicoz]]: [==]%0a* [[Siskin.Connect]] . . . November 23, 2021, at 04:38 PM by [[~jrmu]]: [==]%0a* [[Dino.Connect]] . . . November 23, 2021, at 02:10 PM by [[~mkf]]: [==]%0a* [[Monal.Connect]] . . . November 23, 2021, at 10:32 AM by [[~jrmu]]: [==]%0a* [[Xabber.Connect]] . . . November 23, 2021, at 10:20 AM by [[~jrmu]]: [==]%0a* [[DNS.DMARC]] . . . November 22, 2021, at 10:52 PM by [[~Hawk]]: [==]%0a* [[StorkIM.Connect]] . . . November 21, 2021, at 05:03 AM by [[~jrmu]]: [==]%0a* [[Conversations.Connect]] . . . November 20, 2021, at 05:37 PM by [[~jrmu]]: [==]%0a* [[Yaxim.Connect]] . . . November 20, 2021, at 05:09 PM by [[~jrmu]]: [==]%0a* [[Adium.Connect]] . . . November 20, 2021, at 07:32 AM by [[~jrmu]]: [==]%0a* [[Vmm.AlmaLinux]] . . . November 20, 2021, at 06:47 AM by [[~dodocrypto]]: [==]%0a* [[Psi.Connect]] . . . November 17, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[Pidgin.Connect]] . . . November 17, 2021, at 10:18 AM by [[~jrmu]]: [==]%0a* [[Gajim.Connect]] . . . November 17, 2021, at 08:01 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Training]] . . . November 16, 2021, at 03:30 PM by [[~Hawk]]: [==]%0a* [[Opera.Connect]] . . . November 16, 2021, at 12:12 AM by [[~wiz]]: [==]%0a* [[0dev.0dev]] . . . November 12, 2021, at 03:00 AM by [[~dodocrypto]]: [==]%0a* [[Vmm.RockyLinux]] . . . November 11, 2021, at 10:51 AM by [[~dodocrypto]]: [==]%0a* [[Opensmtpd.Openrelay]] . . . November 11, 2021, at 10:37 AM by [[~mkf]]: [==]%0a* [[Sandbox.0dev]] . . . November 11, 2021, at 01:45 AM by [[~dodocrypto]]: [==]%0a* [[Got.Mirror]] . . . November 07, 2021, at 05:22 PM by [[~jrmu]]: [==]%0a* [[Vpn.OpenIKED]] . . . November 07, 2021, at 03:45 PM by [[~gloNO]]: [==]%0a* [[Openbsd.Got]] . . . November 07, 2021, at 03:16 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Opsofliberty]] . . . November 06, 2021, at 05:15 PM by [[~jrmu]]: [==]%0a* [[Emacs.Emacs]] . . . November 06, 2021, at 04:39 PM by [[~LohanG]]: [==]%0a* [[ZNC.Support]] . . . November 06, 2021, at 03:53 PM by [[~LohanG]]: [=added libera=]%0a* [[9.Stone]] . . . November 04, 2021, at 04:09 PM by [[~meeekeeef]]: [==]%0a* [[9.Zuke]] . . . November 04, 2021, at 04:01 PM by [[~meeekeeef]]: [==]%0a* [[Znc.Relayd]] . . . November 03, 2021, at 10:18 AM by [[~jrmu]]: [==]%0a* [[Znc.Debug]] . . . November 02, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[Znc.Usage]] . . . November 02, 2021, at 03:09 PM by [[~jrmu]]: [==]%0a* [[Almanack.Rewrite]] . . . October 31, 2021, at 10:30 PM by [[~hydragyrum]]: [==]%0a* [[9.Sysupdate]] . . . October 31, 2021, at 10:21 PM by [[~meeekeeef]]: [==]%0a* [[Debian.Debian]] . . . October 31, 2021, at 12:34 PM by [[~monaco]]: [==]%0a* [[Ircnow.Victorycpus]] . . . October 30, 2021, at 08:17 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Settler]] . . . October 29, 2021, at 04:03 PM by [[~jrmu]]: [==]%0a* [[Debian.Nginxphpfpm]] . . . October 29, 2021, at 12:26 PM by [[~monaco]]: [==]%0a* [[Debian.Nginx]] . . . October 29, 2021, at 12:18 PM by [[~monaco]]: [==]%0a* [[Vmm.Homerouter]] . . . October 26, 2021, at 05:08 PM by [[~jrmu]]: [==]%0a* [[9.Netcat]] . . . October 25, 2021, at 03:40 PM by [[~jrmu]]: [==]%0a* [[9.Plan9ini]] . . . October 24, 2021, at 04:30 PM by [[~jrmu]]: [==]%0a* [[Iked.Newconfig]] . . . October 24, 2021, at 03:49 PM by [[~tool]]: [==]%0a* [[Lua.Minetest-1]] . . . October 24, 2021, at 10:30 AM by [[~debiankaios]]: [==]%0a* [[9.Links]] . . . October 24, 2021, at 06:29 AM by [[~mkf]]: [==]%0a* [[9.Keybindings]] . . . October 24, 2021, at 06:15 AM by [[~mkf]]: [=heheheheheh=]%0a* [[Xdefaults.Configure]] . . . October 23, 2021, at 02:40 PM by [[~jrmu]]: [==]%0a* [[TigerVNC.SSH]] . . . October 23, 2021, at 11:56 AM by [[~Hawk]]: [==]%0a* [[9.Ssh]] . . . October 22, 2021, at 12:54 AM by [[~jrmu]]: [==]%0a* [[Vmm.Devuan4Iso]] . . . October 21, 2021, at 04:29 PM by [[~debiankaios]]: [=changed beowulf_3.1.1 to chimaera_4.0.0=]%0a* [[9.101]] . . . October 20, 2021, at 04:53 PM by [[~jrmu]]: [==]%0a* [[Fvwm.Configure]] . . . October 18, 2021, at 10:20 AM by [[~jrmu]]: [==]%0a* [[KISSmo.KISSmo]] . . . October 18, 2021, at 09:58 AM by [[~monaco]]: [==]%0a* [[KISSmo.Download]] . . . October 18, 2021, at 09:53 AM by [[~monaco]]: [==]%0a* [[KISSmo.About]] . . . October 18, 2021, at 09:52 AM by [[~monaco]]: [==]%0a* [[KISSmo.Install]] . . . October 18, 2021, at 09:44 AM by [[~monaco]]: [==]%0a* [[Cvs.Repo]] . . . October 17, 2021, at 08:32 AM by [[~jrmu]]: [==]%0a* [[Cvs.Anoncvs]] . . . October 17, 2021, at 04:00 AM by [[~jrmu]]: [==]%0a* [[Cvs.Commit]] . . . October 17, 2021, at 03:58 AM by [[~jrmu]]: [==]%0a* [[Cvs.Cvsweb]] . . . October 17, 2021, at 03:28 AM by [[~jrmu]]: [==]%0a* [[9.Cvsfs]] . . . October 15, 2021, at 12:58 PM by [[~mkf]]: [==]%0a* [[Openbsd.Sysupgrade70]] . . . October 15, 2021, at 11:02 AM by [[~mkf]]: [=humans are easily confused.=]%0a* [[Openbsd.Ilines]] . . . October 15, 2021, at 02:36 AM by [[~jrmu]]: [==]%0a* [[Vmm.Devuan-ISO]] . . . October 14, 2021, at 09:50 AM by [[~siva]]: [==]%0a* [[Vmm.Devuan-Simple]] . . . October 14, 2021, at 09:48 AM by [[~siva]]: [=Tutorial Created=]%0a* [[Cvs.Intro]] . . . October 13, 2021, at 03:49 PM by [[~jrmu]]: [==]%0a* [[Synapse.Install]] . . . October 12, 2021, at 02:49 PM by [[~miniontoby]]: [=Created=]%0a* [[Ircnow.Oper]] . . . October 12, 2021, at 03:02 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Diversity]] . . . October 09, 2021, at 02:56 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Linux]] . . . October 08, 2021, at 04:51 AM by [[~jrmu]]: [==]%0a* [[OpenBSD.ResetPassword]] . . . October 07, 2021, at 03:56 AM by [[~jrmu]]: [==]%0a* [[Terms.Vps]] . . . October 06, 2021, at 12:30 AM by [[~jrmu]]: [==]%0a* [[9.JSDrawterm]] . . . September 30, 2021, at 06:06 PM by [[~jrmu]]: [==]%0a* [[9.Fonts]] . . . September 28, 2021, at 05:13 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install69]] . . . September 27, 2021, at 05:59 PM by [[~jrmu]]: [==]%0a* [[Cvs.Guide]] . . . September 26, 2021, at 02:28 PM by [[~Miniontoby]]: [==]%0a* [[License.IrcnowV2]] . . . September 21, 2021, at 03:53 AM by [[~jrmu]]: [==]%0a* [[Vmm.Router]] . . . September 14, 2021, at 12:11 PM by [[~jrmu]]: [==]%0a* [[Weechat.Relay]] . . . September 11, 2021, at 05:46 PM by [[~mkf]]: [==]%0a* [[Gry.Bio]] . . . September 11, 2021, at 02:49 AM by [[~jrmu]]: [==]%0a* [[Hopm.Telnet]] . . . September 10, 2021, at 06:13 AM by [[~mkf]]: [==]%0a* [[Wraith.Chroot]] . . . September 10, 2021, at 06:11 AM by [[~mkf]]: [==]%0a* [[ZNC.Skins]] . . . September 06, 2021, at 07:58 AM by [[~mkf]]: [="Huh, pmwiki has a bug." no numbered list if use monospaced text. :(=]%0a* [[Seamonkey.Connect]] . . . August 28, 2021, at 01:05 PM by [[~mkf]]: [==]%0a* [[Debate.Wikistyle]] . . . August 27, 2021, at 03:29 PM by [[~mkf]]: [==]%0a* [[Email.EmailAndroidEmailApp]] . . . August 27, 2021, at 02:37 PM by [[~mkf]]: [==]%0a* [[Tmux.Shortcuts]] . . . August 27, 2021, at 12:56 PM by [[~mkf]]: [==]%0a* [[Vmm.Haiku]] . . . August 27, 2021, at 12:53 PM by [[~mkf]]: [==]%0a* [[Openbsd.Mailopenproxy]] . . . August 25, 2021, at 08:19 PM by [[~mkf]]: [==]%0a* [[Openbsd.Two-FactorAuth]] . . . August 23, 2021, at 07:39 PM by [[~mkf]]: [=login.db compiling is no longer recommended.=]%0a* [[Vmm.DragonflyBSD]] . . . August 23, 2021, at 07:31 PM by [[~mkf]]: [=logs=]%0a* [[Vmm.NetBSD]] . . . August 23, 2021, at 07:01 PM by [[~mkf]]: [=better logs?=]%0a* [[DNS.Ipv6rDNS]] . . . August 23, 2021, at 11:55 AM by [[~jrmu]]: [==]%0a* [[Pipes.Redirection]] . . . August 23, 2021, at 03:50 AM by [[~jrmu]]: [==]%0a* [[Ksh.Redirection]] . . . August 23, 2021, at 03:50 AM by [[~jrmu]]: [==]%0a* [[Rbldnsd.Install]] . . . August 22, 2021, at 07:58 PM by [[~mkf]]: [=wiki-ish.=]%0a* [[Netcat.Smtp]] . . . August 22, 2021, at 06:58 PM by [[~mkf]]: [=byebye=]%0a* [[Openbsd.Npppd]] . . . August 21, 2021, at 01:43 PM by [[~mkf]]: [==]%0a* [[Shell.Shell]] . . . August 21, 2021, at 11:42 AM by [[~jrmu]]: [==]%0a* [[Tls.CA]] . . . August 21, 2021, at 11:10 AM by [[~jrmu]]: [==]%0a* [[Openssl.Imap]] . . . August 21, 2021, at 04:05 AM by [[~AncientWisdom]]: [==]%0a* [[Ircnow.Todo]] . . . August 17, 2021, at 08:41 AM by [[~mkf]]: [==]%0a* [[Vmm.GuixIso]] . . . August 16, 2021, at 05:12 PM by [[~jrmu]]: [==]%0a* [[Vmm.VoidIso]] . . . August 16, 2021, at 06:19 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Gophernicus]] . . . August 15, 2021, at 02:06 AM by [[~mkf]]: [==]%0a* [[Gazette.Gazette]] . . . August 15, 2021, at 01:14 AM by [[~mkf]]: [=a bit polishing=]%0a* [[EmailTray.Connect]] . . . August 15, 2021, at 12:11 AM by [[~mkf]]: [==]%0a* [[Bouncer.Konversation]] . . . August 14, 2021, at 02:46 PM by [[~mkf]]: [==]%0a* [[Squirrelmail.Connect]] . . . August 14, 2021, at 04:47 AM by [[~mkf]]: [==]%0a* [[Termius.Connect]] . . . August 14, 2021, at 04:42 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Openhttpd]] . . . August 13, 2021, at 07:29 AM by [[~jrmu]]: [==]%0a* [[ConnectBot.Keys]] . . . August 12, 2021, at 06:58 AM by [[~jrmu]]: [==]%0a* [[Debate.Monopolydanger]] . . . August 11, 2021, at 07:01 PM by [[~mkf]]: [==]%0a* [[ConnectBot.Connect]] . . . August 11, 2021, at 04:34 PM by [[~jrmu]]: [==]%0a* [[Termux.Connect]] . . . August 11, 2021, at 05:28 AM by [[~jrmu]]: [==]%0a* [[Web101.Web101]] . . . August 10, 2021, at 04:20 PM by [[~craziness]]: [=started web101=]%0a* [[Openbsd.Pppoe]] . . . August 10, 2021, at 11:56 AM by [[~mkf]]: [==]%0a* [[MacTerminal.Connect]] . . . August 10, 2021, at 10:33 AM by [[~jrmu]]: [==]%0a* [[Fdroid.Install]] . . . August 10, 2021, at 09:05 AM by [[~jrmu]]: [==]%0a* [[Shell.Sshfingerprints]] . . . August 10, 2021, at 08:55 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Sshkeys]] . . . August 09, 2021, at 04:42 PM by [[~jrmu]]: [==]%0a* [[Vmm.9front]] . . . August 09, 2021, at 06:16 AM by [[~mkf]]: [==]%0a* [[Bouncer.WinIRC]] . . . August 09, 2021, at 06:03 AM by [[~mkf]]: [==]%0a* [[SerFISH.Connect]] . . . August 06, 2021, at 05:05 PM by [[~jrmu]]: [==]%0a* [[Sshwifty.Connect]] . . . August 06, 2021, at 05:00 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Squirrelmail]] . . . August 06, 2021, at 10:32 AM by [[~baytuch]]: [==]%0a* [[Eggdrop.NickServ]] . . . August 05, 2021, at 07:27 AM by [[~jrmu]]: [==]%0a* [[Medals.Intro]] . . . August 04, 2021, at 08:34 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dnszones]] . . . August 03, 2021, at 09:26 AM by [[~jrmu]]: [==]%0a* [[Dns.Zonefile]] . . . August 03, 2021, at 09:21 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Ifconfig]] . . . August 02, 2021, at 12:59 PM by [[~mkf]]: [==]%0a* [[Openbsd.Matterbridge]] . . . August 02, 2021, at 12:33 PM by [[~mkf]]: [==]%0a* [[Znc.I18n]] . . . August 02, 2021, at 09:12 AM by [[~mkf]]: [==]%0a* [[Almanack.Alt]] . . . August 02, 2021, at 07:52 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.Simple]] . . . August 02, 2021, at 07:49 AM by [[~jrmu]]: [==]%0a* [[Eggdrop.Install]] . . . August 02, 2021, at 05:11 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vhost]] . . . August 02, 2021, at 02:32 AM by [[~jrmu]]: [==]%0a* [[Thunderirc.Hardware]] . . . August 01, 2021, at 01:47 PM by [[~jrmu]]: [==]%0a* [[Lecturify.Hardware]] . . . August 01, 2021, at 01:27 PM by [[~jrmu]]: [==]%0a* [[Congress.Procedure]] . . . August 01, 2021, at 06:41 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Chroot]] . . . July 31, 2021, at 02:47 AM by [[~jrmu]]: [==]%0a* [[Syslogd.Remote]] . . . July 30, 2021, at 03:30 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmmuser]] . . . July 29, 2021, at 05:31 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmminstall]] . . . July 29, 2021, at 05:28 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Vmm]] . . . July 29, 2021, at 05:24 AM by [[~jrmu]]: [==]%0a* [[Openbsd.ZNCAdmin]] . . . July 28, 2021, at 06:14 AM by [[~jrmu]]: [==]%0a* [[Openbsd.ZNCSupport]] . . . July 28, 2021, at 06:14 AM by [[~jrmu]]: [==]%0a* [[ZNC.Troubleshoot]] . . . July 28, 2021, at 06:12 AM by [[~jrmu]]: [==]%0a* [[Znc.Troubleshoot]] . . . July 28, 2021, at 06:11 AM by [[~jrmu]]: [==]%0a* [[Host.Usage]] . . . July 28, 2021, at 01:57 AM by [[~jrmu]]: [==]%0a* [[UsersCategoryMirrory.IRCFreeHomesteadVPS]] . . . July 26, 2021, at 06:12 AM by [[~category_mirror]]: [==]%0a* [[Ircnow.PioneerTldr]] . . . July 26, 2021, at 06:04 AM by [[~jrmu]]: [==]%0a* [[UsersCategoryMirrory.Pioneer]] . . . July 26, 2021, at 04:22 AM by [[~category_mirror]]: [==]%0a* [[Openbsd.Dig]] . . . July 25, 2021, at 06:50 AM by [[~jrmu]]: [==]%0a* [[Openbsd.RDNS]] . . . July 23, 2021, at 06:44 AM by [[~jrmu]]: [==]%0a* [[Bouncer.All]] . . . July 21, 2021, at 06:37 PM by [[~mkf]]: [==]%0a* [[Lemon.Todo]] . . . July 21, 2021, at 06:21 PM by [[~mkf]]: [==]%0a* [[Irc.Guide]] . . . July 21, 2021, at 06:02 PM by [[~mkf]]: [=client -> clients=]%0a* [[Openbsd.Sic]] . . . July 21, 2021, at 05:57 PM by [[~mkf]]: [=first edit.=]%0a* [[Minutemin.Progress]] . . . July 21, 2021, at 08:10 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Openrsync]] . . . July 18, 2021, at 02:01 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Znc]] . . . July 16, 2021, at 10:43 AM by [[~jrmu]]: [==]%0a* [[Netizen.Become]] . . . July 14, 2021, at 09:47 AM by [[~jrmu]]: [==]%0a* [[Freedom.Bearcode]] . . . July 14, 2021, at 09:42 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Staticnet]] . . . July 12, 2021, at 05:48 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Dovecot]] . . . July 12, 2021, at 02:58 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Relayd]] . . . July 12, 2021, at 02:45 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Spf]] . . . July 12, 2021, at 03:08 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Eggdrop]] . . . July 02, 2021, at 03:20 AM by [[~jrmu]]: [==]%0a* [[Openssl.Http]] . . . June 30, 2021, at 04:44 AM by [[~mkf]]: [==]%0a* [[Debate.Oldsoftware]] . . . June 29, 2021, at 03:56 PM by [[~mkf]]: [==]%0a* [[Debate.Xmlflaws]] . . . June 29, 2021, at 03:54 PM by [[~mkf]]: [==]%0a* [[Debate.Wikipediadanger]] . . . June 29, 2021, at 03:51 PM by [[~mkf]]: [==]%0a* [[Debate.DCC]] . . . June 29, 2021, at 03:49 PM by [[~mkf]]: [==]%0a* [[Debate.Matrixflaws]] . . . June 29, 2021, at 03:48 PM by [[~mkf]]: [==]%0a* [[Debate.Webirc]] . . . June 29, 2021, at 03:48 PM by [[~mkf]]: [==]%0a* [[Debate.Nodejstrap]] . . . June 29, 2021, at 03:48 PM by [[~mkf]]: [==]%0a* [[Debate.Ircv3defense]] . . . June 29, 2021, at 03:45 PM by [[~mkf]]: [==]%0a* [[Openbsd.Newdisk]] . . . June 29, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[AndroidEmail.AndroidEmail]] . . . June 29, 2021, at 03:11 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Unbound]] . . . June 27, 2021, at 12:12 PM by [[~jrmu]]: [==]%0a* [[Freedom.Religion]] . . . June 27, 2021, at 02:02 AM by [[~jrmu]]: [==]%0a* [[Freedom.Union]] . . . June 26, 2021, at 01:01 PM by [[~jrmu]]: [==]%0a* [[Freedom.Firstamendment]] . . . June 26, 2021, at 11:45 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dkimproxy]] . . . June 25, 2021, at 12:56 PM by [[~jrmu]]: [==]%0a* [[MIF.Test]] . . . June 25, 2021, at 12:42 PM by [[~nsturtz]]: [==]%0a* [[Openbsd.Sysupgrade69]] . . . June 25, 2021, at 05:46 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Opensmtpd]] . . . June 23, 2021, at 02:21 AM by [[~jrmu]]: [==]%0a* [[Openbsd.NgircdLink]] . . . June 22, 2021, at 07:50 PM by [[~mkf]]: [=delete=]%0a* [[File.File]] . . . June 22, 2021, at 07:43 PM by [[~mkf]]: [=linking=]%0a* [[Debate.Linuxflaws]] . . . June 20, 2021, at 08:03 AM by [[~mkf]]: [=making hyperlinks=]%0a* [[Freedom.Destiny]] . . . June 18, 2021, at 05:31 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Doas]] . . . June 13, 2021, at 01:19 PM by [[~jrmu]]: [==]%0a* [[Freedom.Freedom]] . . . June 13, 2021, at 09:13 AM by [[~jrmu]]: [==]%0a* [[Freedom.Press]] . . . June 13, 2021, at 09:12 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Shell]] . . . June 11, 2021, at 09:36 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Constitution]] . . . June 10, 2021, at 03:48 PM by [[~jrmu]]: [==]%0a* [[Netizen.Rights]] . . . June 10, 2021, at 03:21 PM by [[~jrmu]]: [==]%0a* [[IPv4.Overview]] . . . June 10, 2021, at 10:13 AM by [[~jrmu]]: [==]%0a* [[Ksh.Bash]] . . . June 09, 2021, at 11:31 AM by [[~jrmu]]: [==]%0a* [[PowerShell.Connect]] . . . June 09, 2021, at 11:10 AM by [[~jrmu]]: [==]%0a* [[Code.Code]] . . . June 08, 2021, at 05:24 PM by [[~mkf]]: [=better formating=]%0a* [[Grape.DonateUs]] . . . June 06, 2021, at 03:41 PM by [[~fizi]]: [==]%0a* [[Openbsd.Books]] . . . June 06, 2021, at 12:46 PM by [[~jrmu]]: [==]%0a* [[Grape.Grape]] . . . June 06, 2021, at 11:39 AM by [[~fizi]]: [==]%0a* [[Openbsd.Pfa]] . . . June 06, 2021, at 03:49 AM by [[~navic]]: [==]%0a* [[Vmm.Debian]] . . . June 04, 2021, at 07:48 PM by [[~mkf]]: [="LOL"=]%0a* [[DNS.Dnswl]] . . . June 04, 2021, at 11:11 AM by [[~jrmu]]: [==]%0a* [[Dkim.Dkimsign]] . . . June 04, 2021, at 09:07 AM by [[~jrmu]]: [==]%0a* [[Tor.Torsocks]] . . . June 04, 2021, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Vpn.VpnMac]] . . . June 04, 2021, at 05:40 AM by [[~jrmu]]: [==]%0a* [[HostServ.Rules]] . . . June 01, 2021, at 08:11 AM by [[~jrmu]]: [==]%0a* [[Openbsd.ACKFlood]] . . . May 29, 2021, at 06:20 AM by [[~mkf]]: [==]%0a* [[Openbsd.SSDP]] . . . May 29, 2021, at 06:18 AM by [[~mkf]]: [==]%0a* [[Openbsd.Anycast]] . . . May 29, 2021, at 06:01 AM by [[~mkf]]: [==]%0a* [[Ambassador.Networks]] . . . May 27, 2021, at 04:05 PM by [[~jrmu]]: [==]%0a* [[Marketing.Rules]] . . . May 26, 2021, at 06:15 AM by [[~jrmu]]: [==]%0a* [[Freenode.Power]] . . . May 26, 2021, at 04:38 AM by [[~jrmu]]: [==]%0a* [[Freenode.Money]] . . . May 25, 2021, at 03:29 PM by [[~jrmu]]: [==]%0a* [[Freenode.Takeover]] . . . May 25, 2021, at 05:28 AM by [[~jrmu]]: [==]%0a* [[Freedom.Freenode]] . . . May 25, 2021, at 01:48 AM by [[~jrmu]]: [==]%0a* [[Bouncer.Atomic]] . . . May 24, 2021, at 03:22 PM by [[~mkf]]: [=spacing=]%0a* [[Minetest.Updating]] . . . May 24, 2021, at 08:10 AM by [[~mkf]]: [=monospaced commands=]%0a* [[Shell.Putty]] . . . May 24, 2021, at 06:16 AM by [[~jrmu]]: [==]%0a* [[Vmm.Optimize]] . . . May 19, 2021, at 04:04 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Stable]] . . . May 18, 2021, at 10:15 AM by [[~mkf]]: [==]%0a* [[Ircnow.VicePresident]] . . . May 18, 2021, at 08:15 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Sheriff]] . . . May 18, 2021, at 08:00 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Ambassador]] . . . May 18, 2021, at 07:42 AM by [[~jrmu]]: [==]%0a* [[Pf.Guide]] . . . May 17, 2021, at 03:37 AM by [[~bejelentkezni]]: [==]%0a* [[NewsNow.Install]] . . . May 16, 2021, at 06:49 AM by [[~mkf]]: [="$"=]%0a* [[Tmux.Share]] . . . May 15, 2021, at 02:27 AM by [[~mistera]]: [==]%0a* [[Openbsd.Security]] . . . May 14, 2021, at 03:14 AM by [[~caesar]]: [==]%0a* [[Bouncer.Vision]] . . . May 13, 2021, at 09:47 AM by [[~mkf]]: [=added home page, removed "..."s=]%0a* [[Minetest.Worldbackup]] . . . May 12, 2021, at 11:02 AM by [[~AES]]: [==]%0a* [[Minetest.Texturestyle]] . . . May 12, 2021, at 11:00 AM by [[~AES]]: [==]%0a* [[Minetest.Serverlocations]] . . . May 12, 2021, at 10:59 AM by [[~AES]]: [==]%0a* [[Minetest.Addingarenas]] . . . May 12, 2021, at 10:58 AM by [[~jrmu]]: [==]%0a* [[Relay.Relay]] . . . May 12, 2021, at 09:10 AM by [[~jrmu]]: [==]%0a* [[Ngircd.Install-bej]] . . . May 11, 2021, at 05:26 AM by [[~bejelentkezni]]: [==]%0a* [[Openbsd.Hopm-Arthur]] . . . May 07, 2021, at 12:28 PM by [[~Arthur]]: [==]%0a* [[Znc.Chroot69]] . . . May 06, 2021, at 03:36 AM by [[~bejelentkezni]]: [=back to 6.9 to see real changes=]%0a* [[Freedom.Unix]] . . . April 29, 2021, at 03:39 PM by [[~jrmu]]: [==]%0a* [[Pmwiki.Simpleurl]] . . . April 29, 2021, at 02:46 PM by [[~punk]]: [==]%0a* [[Gpl.Flaws]] . . . April 24, 2021, at 04:56 PM by [[~jrmu]]: [==]%0a* [[Iked.Windows]] . . . April 18, 2021, at 07:38 PM by [[~st13g]]: [==]%0a* [[Freedom.Libertyordeath]] . . . April 17, 2021, at 12:35 PM by [[~jrmu]]: [==]%0a* [[Minetest.Economy]] . . . April 15, 2021, at 02:32 PM by [[~jrmu]]: [==]%0a* [[Vim.Vim]] . . . April 11, 2021, at 11:14 PM by [[~monaco]]: [==]%0a* [[Minutemin.Duty]] . . . April 11, 2021, at 04:53 AM by [[~jrmu]]: [==]%0a* [[License.License]] . . . April 04, 2021, at 02:00 AM by [[~jrmu]]: [==]%0a* [[EthicalSource.HolierThanThou]] . . . April 04, 2021, at 01:56 AM by [[~jrmu]]: [==]%0a* [[Jrmu.Rmsboycott]] . . . April 03, 2021, at 01:36 AM by [[~jrmu]]: [==]%0a* [[Jrmu.Libertyordeath]] . . . April 02, 2021, at 12:56 PM by [[~jrmu]]: [==]%0a* [[Fig.Fig]] . . . March 31, 2021, at 10:15 AM by [[~chewy]]: [==]%0a* [[Coconut.Coconut]] . . . March 29, 2021, at 12:28 PM by [[~jrmu]]: [==]%0a* [[ClawsMail.Connect]] . . . March 29, 2021, at 08:42 AM by [[~miniontoby]]: [==]%0a* [[Freedom.Madeonirc]] . . . March 27, 2021, at 11:48 AM by [[~jrmu]]: [==]%0a* [[Third.Devs]] . . . March 27, 2021, at 11:41 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Code]] . . . March 24, 2021, at 03:26 AM by [[~jrmu]]: [==]%0a* [[Cherry.Todo]] . . . March 23, 2021, at 03:23 PM by [[~Oz]]: [==]%0a* [[Freedom.Independence]] . . . March 22, 2021, at 01:13 PM by [[~wiz]]: [==]%0a* [[Marketing.Founders]] . . . March 20, 2021, at 01:40 AM by [[~jrmu]]: [==]%0a* [[NewsNow.Teams]] . . . March 18, 2021, at 09:47 AM by [[~miniontoby]]: [=banana=]%0a* [[Vhost.Freedns]] . . . March 16, 2021, at 12:22 PM by [[~wiz]]: [==]%0a* [[Marketing.Freedom]] . . . March 15, 2021, at 01:30 PM by [[~jrmu]]: [==]%0a* [[Bsd.Labor]] . . . March 15, 2021, at 06:12 AM by [[~jrmu]]: [==]%0a* [[License.Discriminatory]] . . . March 15, 2021, at 06:12 AM by [[~jrmu]]: [==]%0a* [[Bsd.Hope]] . . . March 14, 2021, at 11:05 PM by [[~jrmu]]: [==]%0a* [[License.Publicdomain]] . . . March 14, 2021, at 10:02 AM by [[~jrmu]]: [==]%0a* [[Linux.Flaws]] . . . March 14, 2021, at 05:13 AM by [[~jrmu]]: [==]%0a* [[NewsNow.Browser]] . . . March 12, 2021, at 08:00 AM by [[~miniontoby]]: [==]%0a* [[Abuse.Code]] . . . March 09, 2021, at 03:44 PM by [[~jrmu]]: [==]%0a* [[Congress.Documents]] . . . March 07, 2021, at 04:50 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Goals]] . . . March 06, 2021, at 09:33 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Chatforce]] . . . March 05, 2021, at 02:15 PM by [[~jrmu]]: [==]%0a* [[Shell.Bash]] . . . March 05, 2021, at 10:19 AM by [[~jrmu]]: [==]%0a* [[User.Welcome]] . . . March 05, 2021, at 07:34 AM by [[~jrmu]]: [==]%0a* [[Immigrant.Welcome]] . . . March 05, 2021, at 06:59 AM by [[~jrmu]]: [==]%0a* [[Mail.Openrelay]] . . . March 04, 2021, at 03:20 PM by [[~jrmu]]: [==]%0a* [[Mail.Test]] . . . March 04, 2021, at 03:07 PM by [[~jrmu]]: [==]%0a* [[Minutemin.Game]] . . . March 04, 2021, at 10:16 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Netizen]] . . . February 28, 2021, at 03:18 PM by [[~jrmu]]: [==]%0a* [[Servers.Rights]] . . . February 28, 2021, at 12:37 PM by [[~jrmu]]: [==]%0a* [[Marketing.Enterprise]] . . . February 28, 2021, at 11:52 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Creed]] . . . February 28, 2021, at 03:21 AM by [[~jrmu]]: [==]%0a* [[Ln.Intro]] . . . February 25, 2021, at 12:20 PM by [[~jrmu]]: [==]%0a* [[Leafnode.Install]] . . . February 25, 2021, at 10:56 AM by [[~jrmu]]: [==]%0a* [[Guava.Todo]] . . . February 23, 2021, at 10:47 AM by [[~quofan]]: [==]%0a* [[Relays.Relays]] . . . February 22, 2021, at 04:22 PM by [[~jrmu]]: [==]%0a* [[PSFTP.Connect]] . . . February 21, 2021, at 03:57 PM by [[~jrmu]]: [==]%0a* [[Outlook.Connect]] . . . February 21, 2021, at 03:23 PM by [[~jrmu]]: [==]%0a* [[AppleMail.Connect]] . . . February 20, 2021, at 04:38 PM by [[~jrmu]]: [==]%0a* [[Thunderbird.Pgp]] . . . February 19, 2021, at 04:44 PM by [[~jrmu]]: [==]%0a* [[License.Ircnow]] . . . February 19, 2021, at 09:45 AM by [[~miniontoby]]: [=2021=]%0a* [[Thunderbird.Connect]] . . . February 19, 2021, at 09:36 AM by [[~jrmu]]: [==]%0a* [[Shell.Mac]] . . . February 19, 2021, at 09:14 AM by [[~jrmu]]: [==]%0a* [[Minutemin.Training]] . . . February 18, 2021, at 06:42 AM by [[~jrmu]]: [==]%0a* [[Freedom.Openforeveryone]] . . . February 16, 2021, at 04:33 AM by [[~jrmu]]: [==]%0a* [[Ircnow.IRCitizen]] . . . February 15, 2021, at 05:32 AM by [[~jrmu]]: [==]%0a* [[IPv6.Overview]] . . . February 14, 2021, at 11:09 AM by [[~jrmu]]: [==]%0a* [[Tcpip.Overview]] . . . February 14, 2021, at 11:02 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Syspatch]] . . . February 14, 2021, at 11:00 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Netadmin]] . . . February 14, 2021, at 10:56 AM by [[~jrmu]]: [==]%0a* [[Marketing.Religion]] . . . February 14, 2021, at 10:37 AM by [[~jrmu]]: [==]%0a* [[Marketing.Independence]] . . . February 13, 2021, at 04:59 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Leafnode]] . . . February 12, 2021, at 01:40 PM by [[~chewy]]: [==]%0a* [[Oidentd.Pylink]] . . . February 12, 2021, at 01:25 PM by [[~jrmu]]: [==]%0a* [[Marketing.Opportunity]] . . . February 11, 2021, at 12:58 PM by [[~jrmu]]: [==]%0a* [[Marketing.Republic]] . . . February 11, 2021, at 06:45 AM by [[~jrmu]]: [==]%0a* [[Achurch.Install]] . . . February 10, 2021, at 04:33 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Pylink]] . . . February 08, 2021, at 08:33 AM by [[~jrmu]]: [==]%0a* [[Ircnow.OpofLiberty]] . . . February 06, 2021, at 12:53 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Allies]] . . . February 06, 2021, at 12:47 PM by [[~jrmu]]: [==]%0a* [[Freedom.Dueprocess]] . . . February 06, 2021, at 12:25 PM by [[~jrmu]]: [==]%0a* [[Freedom.Checks]] . . . February 06, 2021, at 12:21 PM by [[~jrmu]]: [==]%0a* [[Freedom.Rulebylaw]] . . . February 06, 2021, at 12:12 PM by [[~jrmu]]: [==]%0a* [[Freedom.Startupdream]] . . . February 06, 2021, at 12:12 PM by [[~jrmu]]: [==]%0a* [[Freedom.Federation]] . . . February 06, 2021, at 11:44 AM by [[~jrmu]]: [==]%0a* [[Freedom.Selfadmin]] . . . February 06, 2021, at 11:26 AM by [[~jrmu]]: [==]%0a* [[Ircnow.OpsofLiberty]] . . . February 06, 2021, at 02:13 AM by [[~jrmu]]: [==]%0a* [[Freedom.Software]] . . . February 05, 2021, at 11:31 AM by [[~jrmu]]: [==]%0a* [[Freedom.Opportunity]] . . . February 05, 2021, at 08:55 AM by [[~jrmu]]: [==]%0a* [[Unix.Workethic]] . . . February 05, 2021, at 08:49 AM by [[~jrmu]]: [==]%0a* [[Unix.Ethic]] . . . February 05, 2021, at 08:48 AM by [[~jrmu]]: [==]%0a* [[Debate.Privacy]] . . . February 05, 2021, at 07:05 AM by [[~jrmu]]: [==]%0a* [[Team.Policy]] . . . February 04, 2021, at 04:08 PM by [[~jrmu]]: [==]%0a* [[Freedom.Serversrights]] . . . February 04, 2021, at 02:43 PM by [[~jrmu]]: [==]%0a* [[Freedom.Serverrights]] . . . February 04, 2021, at 02:42 PM by [[~jrmu]]: [==]%0a* [[Freedom.Lanofopportunity]] . . . February 04, 2021, at 01:24 PM by [[~jrmu]]: [==]%0a* [[Freedom.Opentoall]] . . . February 04, 2021, at 01:17 PM by [[~jrmu]]: [==]%0a* [[Freedom.Refuge]] . . . February 04, 2021, at 09:31 AM by [[~jrmu]]: [==]%0a* [[Dns.Providers]] . . . February 04, 2021, at 04:27 AM by [[~jrmu]]: [==]%0a* [[Guava.Guava]] . . . February 03, 2021, at 02:30 AM by [[~st13g]]: [==]%0a* [[Openbsd.Stable]] . . . February 02, 2021, at 02:25 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Base64]] . . . February 02, 2021, at 06:37 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Unboundadblock]] . . . February 02, 2021, at 04:29 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Pfbadhost]] . . . February 02, 2021, at 04:29 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Delphinusdnsd]] . . . February 02, 2021, at 01:51 AM by [[~jrmu]]: [==]%0a* [[Mango.Mango]] . . . January 31, 2021, at 12:01 PM by [[~nix]]: [==]%0a* [[Openbsd.Abuse]] . . . January 31, 2021, at 05:33 AM by [[~jrmu]]: [==]%0a* [[Freedom.Censorship]] . . . January 31, 2021, at 05:23 AM by [[~jrmu]]: [==]%0a* [[Debate.Firstamendment]] . . . January 31, 2021, at 05:20 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Phishing]] . . . January 31, 2021, at 05:02 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Audit]] . . . January 31, 2021, at 04:46 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ongoing]] . . . January 31, 2021, at 01:19 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Partners]] . . . January 31, 2021, at 12:32 AM by [[~jrmu]]: [==]%0a* [[Orange.Todo]] . . . January 30, 2021, at 11:31 AM by [[~jrmu]]: [==]%0a* [[Pear.Pear]] . . . January 29, 2021, at 06:09 PM by [[~dennis]]: [==]%0a* [[Openbsd.Httpopenproxy]] . . . January 29, 2021, at 11:01 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Zncadmin]] . . . January 29, 2021, at 10:00 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Rbldns]] . . . January 29, 2021, at 05:45 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Setuid]] . . . January 28, 2021, at 06:53 AM by [[~jrmu]]: [==]%0a* [[Openbsd.PFTesting]] . . . January 25, 2021, at 03:28 PM by [[~jrmu]]: [==]%0a* [[Openbsd.ZNCDaily]] . . . January 25, 2021, at 11:35 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Irssi]] . . . January 25, 2021, at 07:08 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Sysadmins]] . . . January 24, 2021, at 10:36 AM by [[~jrmu]]: [==]%0a* [[Debate.UnixPhilosophy]] . . . January 18, 2021, at 05:05 AM by [[~category_mirror]]: [==]%0a* [[Openbsd.XTerm]] . . . January 17, 2021, at 01:48 PM by [[~miniontoby]]: [=copyright=]%0a* [[UsersCategoryMirrory.Statement]] . . . January 17, 2021, at 02:44 AM by [[~category_mirror]]: [==]%0a* [[Email.Outlook]] . . . January 16, 2021, at 05:13 PM by [[~Zouheir]]: [==]%0a* [[Plum.Todo]] . . . January 16, 2021, at 12:09 AM by [[~st13g]]: [==]%0a* [[Debate.Ipsec]] . . . January 13, 2021, at 10:39 AM by [[~jrmu]]: [==]%0a* [[Plum.Plum]] . . . January 12, 2021, at 03:02 PM by [[~wiz]]: [==]%0a* [[Openbsd.Slrn]] . . . January 12, 2021, at 02:40 PM by [[~Noxturnix]]: [==]%0a* [[OpenBSD.CPAN]] . . . January 12, 2021, at 01:48 PM by [[~Dima]]: [==]%0a* [[Jujube.Todo]] . . . January 11, 2021, at 05:13 PM by [[~fizi]]: [==]%0a* [[Ircnow.Ilines]] . . . January 11, 2021, at 09:55 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Netcat]] . . . January 09, 2021, at 02:20 PM by [[~jrmu]]: [==]%0a* [[OpenBSD.Perl]] . . . January 09, 2021, at 02:04 PM by [[~dima]]: [==]%0a* [[Openbsd.Perl]] . . . January 09, 2021, at 01:52 PM by [[~jrmu]]: [==]%0a* [[Fig.Log]] . . . January 07, 2021, at 11:23 AM by [[~dima]]: [=test=]%0a* [[Fig.Todo]] . . . January 06, 2021, at 01:06 PM by [[~jrmu]]: [==]%0a* [[Grape.Todo]] . . . January 06, 2021, at 01:05 PM by [[~jrmu]]: [==]%0a* [[Pear.Todo]] . . . January 06, 2021, at 01:05 PM by [[~jrmu]]: [==]%0a* [[Jujube.Team]] . . . January 06, 2021, at 01:04 PM by [[~jrmu]]: [==]%0a* [[Mango.Todo]] . . . January 06, 2021, at 01:04 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Censorship]] . . . January 06, 2021, at 03:01 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Pentesters]] . . . January 05, 2021, at 11:17 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Coders]] . . . January 05, 2021, at 11:11 AM by [[~jrmu]]: [==]%0a* [[Banana.Todo]] . . . January 04, 2021, at 09:41 AM by [[~miniontoby]]: [=znc=]%0a* [[Users.CategoryMirrory]] . . . January 04, 2021, at 01:10 AM by [[~category_mirror]]: [==]%0a* [[UsersCategoryMirrory.Test]] . . . January 03, 2021, at 08:17 PM by [[~category_mirrory]]: [==]%0a* [[Users.Categorymirrory]] . . . January 03, 2021, at 08:12 PM by [[~category_mirrory]]: [=wrong caps=]%0a* [[Banana.Banana]] . . . January 03, 2021, at 02:39 PM by [[~miniontoby]]: [==]%0a* [[Orange.Orange]] . . . January 03, 2021, at 02:10 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Backup]] . . . January 03, 2021, at 01:46 PM by [[~jrmu]]: [==]%0a* [[Debate.Appledanger]] . . . January 02, 2021, at 01:35 AM by [[~jrmu]]: [==]%0a* [[Grape.Tasks]] . . . January 01, 2021, at 07:52 PM by [[~fizi]]: [==]%0a* [[Ircnow.Helpers]] . . . January 01, 2021, at 04:36 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Finances]] . . . January 01, 2021, at 04:15 AM by [[~jrmu]]: [==]%0a* [[Tutorial.Tutorial]] . . . January 01, 2021, at 03:25 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Testing]] . . . December 30, 2020, at 12:58 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Sshbackdoor]] . . . December 30, 2020, at 12:14 PM by [[~jrmu]]: [==]%0a* [[Mango.Packages]] . . . December 30, 2020, at 10:48 AM by [[~nix]]: [==]%0a* [[Ircnow.Contact]] . . . December 30, 2020, at 03:18 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Pf-bnc]] . . . December 29, 2020, at 06:30 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Partners2]] . . . December 29, 2020, at 02:52 PM by [[~jrmu]]: [==]%0a* [[Debate.Mozilladanger]] . . . December 27, 2020, at 03:05 AM by [[~jrmu]]: [==]%0a* [[Debate.Controlcomputer]] . . . December 27, 2020, at 03:02 AM by [[~jrmu]]: [==]%0a* [[Debate.Facebookdanger]] . . . December 27, 2020, at 03:01 AM by [[~jrmu]]: [==]%0a* [[Debate.Slackdanger]] . . . December 27, 2020, at 02:56 AM by [[~jrmu]]: [==]%0a* [[Debate.Freespeech]] . . . December 27, 2020, at 02:36 AM by [[~jrmu]]: [==]%0a* [[Debate.Ethicalflaws]] . . . December 27, 2020, at 02:31 AM by [[~jrmu]]: [==]%0a* [[Debate.Hatespeech]] . . . December 27, 2020, at 02:20 AM by [[~jrmu]]: [==]%0a* [[Debate.Monero]] . . . December 27, 2020, at 02:02 AM by [[~jrmu]]: [==]%0a* [[Debate.WhyNotC]] . . . December 26, 2020, at 06:43 PM by [[~searchsocial]]: [==]%0a* [[Debate.Python]] . . . December 26, 2020, at 06:21 PM by [[~jrmu]]: [==]%0a* [[Debate.Cash]] . . . December 26, 2020, at 06:18 PM by [[~jrmu]]: [==]%0a* [[Debate.Uberdanger]] . . . December 26, 2020, at 06:16 PM by [[~jrmu]]: [==]%0a* [[Debate.Microsoftdanger]] . . . December 26, 2020, at 06:15 PM by [[~jrmu]]: [==]%0a* [[Debate.Accessibility]] . . . December 26, 2020, at 06:14 PM by [[~jrmu]]: [==]%0a* [[Debate.Zoomdanger]] . . . December 26, 2020, at 06:08 PM by [[~jrmu]]: [==]%0a* [[Shell.Applications]] . . . December 19, 2020, at 06:21 PM by [[~fizi]]: [==]%0a* [[Third.Dillo]] . . . December 19, 2020, at 01:52 PM by [[~jrmu]]: [==]%0a* [[Third.Basilisk]] . . . December 19, 2020, at 01:38 PM by [[~jrmu]]: [==]%0a* [[Third.Directory]] . . . December 19, 2020, at 01:35 PM by [[~jrmu]]: [==]%0a* [[Guava.Packages]] . . . December 19, 2020, at 06:14 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Amplification]] . . . December 19, 2020, at 05:42 AM by [[~jrmu]]: [==]%0a* [[Openbsd.UDPFlood]] . . . December 18, 2020, at 10:39 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Tcpackflood]] . . . December 17, 2020, at 10:36 AM by [[~jrmu]]: [==]%0a* [[Openbsd.RSTFlood]] . . . December 17, 2020, at 10:34 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Tcpresetflood]] . . . December 17, 2020, at 10:34 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Ssdp]] . . . December 15, 2020, at 12:59 PM by [[~jrmu]]: [==]%0a* [[Bouncer.Igloo]] . . . December 14, 2020, at 09:39 AM by [[~Noxturnix]]: [==]%0a* [[Main.Terms]] . . . December 13, 2020, at 01:35 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Pf]] . . . December 13, 2020, at 12:03 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Install68]] . . . December 13, 2020, at 10:13 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Upgrade67]] . . . December 13, 2020, at 04:02 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Sysupgrade68]] . . . December 11, 2020, at 10:27 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Dokuwiki]] . . . December 10, 2020, at 02:23 PM by [[~miniontoby]]: [=code blocks fixed=]%0a* [[Openbsd.Acme-client]] . . . December 09, 2020, at 06:47 PM by [[~miniontoby]]: [=fixed troubleshooting links=]%0a* [[Freedom.Christian]] . . . December 08, 2020, at 01:12 AM by [[~jrmu]]: [==]%0a* [[Freedom.Finances]] . . . December 08, 2020, at 01:04 AM by [[~jrmu]]: [==]%0a* [[Shell.Sshkeys]] . . . December 07, 2020, at 10:36 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Install67]] . . . December 06, 2020, at 11:03 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Buyvm]] . . . December 06, 2020, at 02:42 AM by [[~jrmu]]: [==]%0a* [[Opernbsd.Buyvm]] . . . December 04, 2020, at 12:06 PM by [[~jrmu]]: [==]%0a* [[Bouncer.WeeChat]] . . . December 02, 2020, at 12:43 PM by [[~jrmu]]: [==]%0a* [[Bouncer.SimpleIRC]] . . . December 02, 2020, at 12:31 PM by [[~jrmu]]: [==]%0a* [[Freedom.Militia]] . . . December 02, 2020, at 04:18 AM by [[~jrmu]]: [==]%0a* [[Third.Third]] . . . December 01, 2020, at 01:49 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Oidentd]] . . . November 30, 2020, at 11:42 PM by [[~jrmu]]: [==]%0a* [[Ircnow.Helper]] . . . November 28, 2020, at 02:21 AM by [[~jrmu]]: [==]%0a* [[Bouncer.Hexchat]] . . . November 27, 2020, at 12:52 PM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloud]] . . . November 24, 2020, at 11:53 AM by [[~jrmu]]: [==]%0a* [[Bouncer.AdiIRC]] . . . November 24, 2020, at 11:42 AM by [[~jrmu]]: [==]%0a* [[Bouncer.RevolutionIRC]] . . . November 24, 2020, at 11:35 AM by [[~jrmu]]: [==]%0a* [[Bouncer.KiwiIRC]] . . . November 24, 2020, at 11:34 AM by [[~jrmu]]: [==]%0a* [[Bouncer.KVIrc]] . . . November 24, 2020, at 11:33 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IceChat]] . . . November 24, 2020, at 11:27 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloudiOS]] . . . November 24, 2020, at 11:20 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloudAndroid]] . . . November 24, 2020, at 11:20 AM by [[~jrmu]]: [==]%0a* [[Bouncer.IRCCloudWeb]] . . . November 24, 2020, at 11:19 AM by [[~jrmu]]: [==]%0a* [[Third.Catalog]] . . . November 23, 2020, at 07:52 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Checklist]] . . . November 20, 2020, at 12:44 AM by [[~gry]]: [=+=]%0a* [[Openbsd.Acopm]] . . . November 04, 2020, at 03:32 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Achurch]] . . . November 04, 2020, at 02:25 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Vi]] . . . November 04, 2020, at 12:51 PM by [[~jrmu]]: [==]%0a* [[Openbsd.Sudo]] . . . November 04, 2020, at 12:38 PM by [[~jrmu]]: [==]%0a* [[Freedom.Denomination]] . . . October 23, 2020, at 09:20 AM by [[~jrmu]]: [==]%0a* [[Vps.Intro]] . . . October 10, 2020, at 08:22 AM by [[~jrmu]]: [==]%0a* [[Ircweb.Ircweb]] . . . October 05, 2020, at 01:10 AM by [[~jrmu]]: [==]%0a* [[Http2irc.Http2irc]] . . . October 05, 2020, at 01:04 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Easyapp]] . . . September 29, 2020, at 12:13 PM by [[~jrmu]]: [==]%0a* [[Orange.Nl]] . . . September 17, 2020, at 08:43 AM by [[~miniontoby]]: [=Dutch correct page=]%0a* [[Grape.Guide]] . . . September 16, 2020, at 08:42 AM by [[~baytuch]]: [==]%0a* [[Orange.Id]] . . . September 08, 2020, at 09:51 AM by [[~gry]]: [=+=]%0a* [[Orange.Ru]] . . . September 07, 2020, at 11:29 PM by [[~gry]]: [=+=]%0a* [[Bouncer.MIRC]] . . . September 06, 2020, at 03:59 AM by [[~jrmu]]: [==]%0a* [[Debate.Bncnow]] . . . September 04, 2020, at 04:36 AM by [[~jrmu]]: [==]%0a* [[Openbsd.Cgit]] . . . September 01, 2020, at 05:51 PM by [[~baytuch]]: [==]%0a* [[Orange.Notes]] . . . August 27, 2020, at 03:38 AM by [[~gry]]: [=expanded=]%0a* [[Shell.ShellSSHKEYS]] . . . August 25, 2020, at 10:00 PM by [[~gry]]: [=permissions added=]%0a* [[Bouncer.Irccloud]] . . . August 24, 2020, at 12:20 PM by [[~jrmu]]: [==]%0a* [[GrapeTeam.Tracker]] . . . August 24, 2020, at 10:16 AM by [[~gry]]: [=+=]%0a* [[GrapeTeam.GrapeTeam]] . . . August 24, 2020, at 10:13 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Course]] . . . August 21, 2020, at 05:01 AM by [[~gry]]: [==]%0a* [[Openbsd.Bchs]] . . . August 20, 2020, at 07:11 AM by [[~jrmu]]: [==]%0a* [[Ircnow.Todo]] . . . August 20, 2020, at 06:48 AM by [[~jrmu]]: on_is_active php_session_active squirrelmailing sqsession_start troubleshooting authentication session_status config_default webmail_access modifications configuration unfortunately accessibility administrator webmail_error compatibility acceleration default_pref organization replacement disposition alternative information sourceforge permissions certificate interactive configuring preferences letsencrypt development compatible javascript configtest connection additional nameserver configured afterwards extracting attempting installing documents complains openhttpd functions localhost opensmtpd challenge supported subdomain receiving databases recommend necessary following languages delimiter directory debugging fusername essential addresses installed chrooted smtphost projects browsers normally location provides tlsmulti 26214400 required remember original security listener optional settings sendmail properly software specific licensed messages brackets instance writable services browsing defaults drawback continue opening control dovecot fastcgi already contact defines example initial unbound folders unusual request plugins general command servers defined private options however records contrib include restart because nologin disable exiting keypair baytuch strings misused charset appears content instead openbsd release sending mt_rand another subject version tarball warning charlie without changes resolve foxtrot uploads written client relayd needed return logout syntax longer cannot latest htdocs braces rather offset typing before themes ircnow frames across making should switch please detect secure invert readme global create update system locale report serial delete femail myname daemon lookup socket number errors trying issues actual stable inline attach master reload touch could color chown check chmod needs first intro shell rcctl php74 mkdir books hosts write above https there false using might every ascii happy delta curly array fatal bravo query where since which setup exist works notes saved files press alpha enter means class block title index chain strip lines known worry based ifend about zones this doas 2001 imap will well page your real acme make sure that aaaa ipv4 does fccf want 1008 2602 than sbin chsh help bind body some copy runs both must logs like when ctrl type echo xvzf find uses html many wiki easy fees more exec text once were have made mime done next move into ipv6 pop3 menu sign quit full motd hide give edit time www ssl etc var 127 day see has 162 bad gpl 451 fix ksh 644 zip its 755 ftp net way crt 634 usr 403 src nsd fpm dns max few db8 143 via by gz 22 cd rx 38 87 mv 80 9
+time=1731560380
Relayd.TLSMulti:1628325508: Relayd.Acceleration Openhttpd.Hosting Acme-client.Configure Pf.Guide Openssl.Http : troubleshooting acknowledgments configuration acceleration dramatically remote_addr server_port permissions server_addr connections simpletable certificate commentary configured especially consulting forwarding foreground plaintext correctly debugging fullchain openhttpd available forwarded verbosity splitting listening challenge following selective remaining instances directory stacksize newsyslog openfiles service1 service2 searches increase database disabled protocol symlinks starting services tlsmulti sortable requests complete template filtered properly networks rotation addition location listener expanded multiple messages concepts example keypair listens finally backlog running private www6tls warning openbsd respond content produce provide verbose replace hosting devices android earlier maximum inspect enabled another domains openssl syslogd reverse headers td76656 without archive default already missing labeled records address option actual relayd handle relays create nabble wwwtls define packet turned before client please border append serves common public errors either cannot number blocks syntax bottom daemon assume entire typing failed simply sample second notice output https certs class there check rcctl first pfctl width guide login fails queue where names large which value match avoid above ports using based wrong entry lines close title below doesn three users index known third proxy while strip 8020 sure 8001 8002 icmp 4096 have make 2001 need will both that ipv6 them this want acme they ipv4 your edit what sack time doas then must logs html 7691 into send busy wish from real upon look test like stop ones auto when well root load last says also ddos etc 443 crt sub see are any ip4 ios tcp org man cur 96m 128 its won var may nsd set dns how pem 100 dvv 127 168 192 ip6 db8 of n7 by ln=
Relayd.Acceleration:1628324627: Pf.Guide Leafnode.Install Tcpip.Sockets Openbsd.Znc Openhttpd.Configure Openhttpd.Hosting Telnet.Http Znc.Chroot Openbsd.Netcat Acme-client.Configure Openssl.Http : troubleshooting acknowledgments eavesdropping configuration dramatically introduction acceleration permissions server_addr connections simpletable server_port remote_addr certificate integration application transparent forwarding encryption webhosting configured foreground indication afterwards especially commentary splitting openhttpd plaintext challenge openfiles forwarded stacksize listening selective necessary directory fullchain providing debugging correctly sometimes following newsyslog verbosity available instances location service1 service2 symlinks protocol possible searches template requests listener filtered bouncers sortable database rotation addition increase messages balancer networks properly features plumbing normally exposing leafnode starting disabled complete private example produce keypair openbsd missing warning running replace address labeled default records openssl sockets install android devices verbose td76656 archiv=
blob - 446e194a7ffaa1cf5b18bd75977634523b064751
blob + dc6091885ac9129a5dc9168fe245ed0be2193cb3
--- wiki.d/SiteAdmin.Blocklist-MoinMaster
+++ wiki.d/SiteAdmin.Blocklist-MoinMaster
host=198.251.82.194
name=SiteAdmin.Blocklist-MoinMaster
passwdread=@lock
-rev=926
+rev=927
text=%0a [@%0a## blocklist-note: NOTE: This page is automatically generated by blocklist.php%0a## blocklist-note: NOTE: Any edits to this page may be lost!%0a## blocklist-url: http://moinmo.in/BadContent?action=raw%0a## blocklist-when: 2020-07-30T09:38:19%0a# blocklist-format: regex%0a#### Unable to download blocklist (allow_url_fopen=)%0a @]%0a
-time=1731462503
+time=1731549475
blob - 9348360dc37a596ff0ce02b18f948b100b0857ea
blob + f83b3b3ebaaae5cefe7d94a355461b9901a643c8
--- wiki.d/Tls.RecentChanges
+++ wiki.d/Tls.RecentChanges
ctime=1629544225
host=198.251.82.194
name=Tls.RecentChanges
-rev=3
-text=* [[Tls/Intro]] . . . @2024-11-13T03:07:59Z by [[~jrmu]]: [==]%0a* [[Tls/CA]] . . . August 21, 2021, at 11:10 AM by [[~jrmu]]: [==]%0a
-time=1731467279
+rev=7
+text=* [[Tls/San]] . . . @2024-11-14T01:37:31Z by [[~jrmu]]: [==]%0a* [[Tls/Intro]] . . . @2024-11-13T03:07:59Z by [[~jrmu]]: [==]%0a* [[Tls/CA]] . . . August 21, 2021, at 11:10 AM by [[~jrmu]]: [==]%0a
+time=1731548251
blob - /dev/null
blob + 552ef32cc8aa9d394f37f0b1379f2ff15a634307 (mode 644)
--- /dev/null
+++ wiki.d/Tls.Intro
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1731467196
+host=198.251.82.194
+name=Tls.Intro
+rev=2
+targets=Acme-client.Configure,Openhttpd.Tls,Ngircd.Ssl
+text=(:title Introduction to TLS:)%0a%0a!! Overview%0a%0aTLS (Transport Layer Security) aka SSL (Secure Sockets Layer) is the encryption%0asecurity measure that enables browsers to recognize a website as "secure". In%0amodern browsers the SSL information can be accessed by clicking the padlock%0aicon in the address bar.%0a%0aTLS certificates are obtained from CAs (Certificate Authorities). Some free (as%0ain price) CAs are [[https://letsencrypt.org/getting-started/|Lets Encrypt]],%0a[[https://www.buypass.com/ssl/products/acme|Buypass]] and%0a[[https://zerossl.com/|ZeroSSL]]. You can request a TLS cert for your hostname%0ausing an%0a[[https://letsencrypt.org/how-it-works/|Automatic Certificate Management Environment (ACME)]]%0aclient such as OpenBSD's [[acme-client/configure|acme-client]].%0a%0aOnce a certificate has been requested, it can be used for encrypting%0aconnections to your servers (such as your [[openhttpd/tls|web server]] or%0a[[ngircd/ssl|irc server]]).%0a
+time=1731467279
+title=Introduction to TLS
+author:1731467279=jrmu
+diff:1731467279:1731467196:=20c20%0a%3c [[ngircd/ssl|irc server]]).%0a---%0a> [[ngircd/tls|irc server]]).%0a
+host:1731467279=198.251.82.194
+author:1731467196=jrmu
+diff:1731467196:1731467196:=1,20d0%0a%3c (:title Introduction to TLS:)%0a%3c %0a%3c !! Overview%0a%3c %0a%3c TLS (Transport Layer Security) aka SSL (Secure Sockets Layer) is the encryption%0a%3c security measure that enables browsers to recognize a website as "secure". In%0a%3c modern browsers the SSL information can be accessed by clicking the padlock%0a%3c icon in the address bar.%0a%3c %0a%3c TLS certificates are obtained from CAs (Certificate Authorities). Some free (as%0a%3c in price) CAs are [[https://letsencrypt.org/getting-started/|Lets Encrypt]],%0a%3c [[https://www.buypass.com/ssl/products/acme|Buypass]] and%0a%3c [[https://zerossl.com/|ZeroSSL]]. You can request a TLS cert for your hostname%0a%3c using an%0a%3c [[https://letsencrypt.org/how-it-works/|Automatic Certificate Management Environment (ACME)]]%0a%3c client such as OpenBSD's [[acme-client/configure|acme-client]].%0a%3c %0a%3c Once a certificate has been requested, it can be used for encrypting%0a%3c connections to your servers (such as your [[openhttpd/tls|web server]] or%0a%3c [[ngircd/tls|irc server]]).%0a
+host:1731467196=198.251.82.194
