จัดการ iRedmail Firewall ที่มาครอบ Firewalld (firewall-cmd)

 การติดตั้ง iRedmail เวอร์ชั่นหลัง ๆ หากเราเลือกให้ใช้ iRedmail firewall แทน firewalld ที่มากับระบบลีนุกส์เช่น CentOS, Ubuntu การปรับแต่ง Firewall rule เช่น การ add port, server ด้วยคำสั่ง firewall-cmd มักไม่มีปัญหา

คำสั่งเพิ่ม Ip Public เพื่อมาคุยกับ port 25

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="202.210.110.10/32" port port=25 protocol=tcp accept'

วันนี้ใช้ firewall-cmd add rule ที่เกี่ยวกับ IP Addr (Internal/Public) เพื่อมาคุยกับ port 25 พบว่า หลังจากแอดกฎได้แล้ว เมื่อทำการลบกฎทิ้งจะรัน firewall-cmd --reload เพื่อบันทึกไม่ได้ 

การจัดการ Firewall บน Mail Server ที่ใช้ iRedMail ควรเน้นไปที่การแก้ไขไฟล์ /etc/firewalld/zones/iredmail.xml โดยตรง หลีกเลี่ยงการใช้ Rich Rules ร่วมกับ Ipset และทำความเข้าใจโครงสร้าง Firewall ของ iRedMail อย่างละเอียด

ให้เข้าไปจัดการในไฟล์ iredmail.xml

//--iredmail.xml--//

[root@mx ~]# vim /etc/firewalld/zones/iredmail.xml

<?xml version="1.0" encoding="utf-8"?>

<zone>

  <short>Mail services</short>

  <description>Allow access to mail services from external network.</description>

  <service name="http"/>

  <service name="https"/>

  <service name="smtp-submission"/>

  <service name="pop3"/>

  <service name="pop3s"/>

  <service name="imap"/>

  <service name="imaps"/>

  <service name="ssh"/>

  <port port="465" protocol="tcp"/>

  <rule family="ipv4">

    <source address="192.168.20.154/32"/>

    <port port="25" protocol="tcp"/>

    <accept/>

  </rule>

  <rule family="ipv4">

    <source ipset="my_ip_rf_set"/>

    <port port="25" protocol="tcp"/>

    <accept/>

  </rule>

  <rule family="ipv4">

    <source ipset="orisma"/>

    <port port="25" protocol="tcp"/>

    <accept/>

  </rule>

  <rule family="ipv4">

    <source address="202.210.110.10/32"/>

    <port port="25" protocol="tcp"/>

    <accept/>

  </rule>

</zone>

//--end--//

: เพื่อบันทึก

firewall-cmd --reload

//-------check firewalld rules ----------//

#firewall-cmd --list-all

iredmail (active)

  target: default

  icmp-block-inversion: no

  interfaces: ens192 ens224

  sources:

  services: http https imap imaps pop3 pop3s smtp-submission ssh

  ports: 465/tcp

  protocols:

  forward: no

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:

        rule family="ipv4" source address="202.210.110.10/32" port port="25" protocol="tcp" accept

        rule family="ipv4" source address="192.168.20.154/32" port port="25" protocol="tcp" accept

#firewall-cmd --permanent --list-all

iredmail

  target: default

  icmp-block-inversion: no

  interfaces:

  sources:

  services: http https imap imaps pop3 pop3s smtp-submission ssh

  ports: 465/tcp

  protocols:

  forward: no

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:

        rule family="ipv4" source address="192.168.20.154/32" port port="25" protocol="tcp" accept

        rule family="ipv4" source address="202.210.110.10/32" port port="25" protocol="tcp" accept

# firewall-cmd --list-all --zone=iredmail

iredmail (active)

  target: default

  icmp-block-inversion: no

  interfaces: ens192 ens224

  sources:

  services: http https imap imaps pop3 pop3s smtp-submission ssh

  ports: 465/tcp

  protocols:

  forward: no

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:

        rule family="ipv4" source address="202.210.110.10/32" port port="25" protocol="tcp" accept

        rule family="ipv4" source address="192.168.20.154/32" port port="25" protocol="tcp" accept

How to run install windows update with windows command

Reference : install windows command

Run this command with powershell ->Administrator

PS C:\Windows\system32> cd ..
PS C:\Windows> cd ..

PS C:\> Set-ExecutionPolicy RemoteSigned

Execution Policy Change

The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose

you to the security risks described in the about_Execution_Policies help topic at

https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?

[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): Y

PS C:\> Install-Module PSWindowsUpdate
NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
 provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
'C:\Users\rfaycaldr\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by
running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install
and import the NuGet provider now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): A
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): Y

PS C:\> Get-WindowsUpdate
ComputerName Status     KB          Size Title
------------ ------     --          ---- -----
AYSWDRSVS... -D-----    KB890830    73MB Windows Malicious Software Removal Tool x64 - v5.130 (KB890830)
AYSWDRSVS... -D-----    KB5046547   72MB 2024-11 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microso...
AYSWDRSVS... -D-----    KB2267602    1GB Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (...
AYSWDRSVS... -D-----    KB5046616   25GB 2024-11 Cumulative Update for Microsoft server operating system version 21H...

PS C:\> Get-WindowsUpdate -AcceptAll -Install -AutoReboot

How to install fish shell and oh my post them

 See link youtube https://www.youtube.com/watch?v=NRGzYzgWFwM

open Terminal

sudo apt install fish -y

chsh -s /usr/bin/fish

sudo wget https://github.com/JanDeDobbeleer/oh-my-posh/releases/latest/download/posh-linux-amd64 -o /usr/local/bin/oh-my-posh

sudo rm /usr/local/bin/oh-my-posh

sudo mv posh-linux-amd64 /usr/local/bin/oh-my-posh

sudo chmod +x /usr/local/bin/oh-my-posh

vim ~/.config/fish/config.fish

#add below to file config.fish

oh-my-posh init fish --config $HOME/.poshthemes/montys.omp.json | source

Download font

mkdir -p $HOME/.local/share/fonts

wget https://github.com/ryanoasis/nerd-fonts/releases/download/v3.2.1/FiraCode.zip -O $HOME/Downloads/firacode.zip

unzip $HOME/Downloads/firacode.zip -d $HOME/.local/share/fonts

fc-cache -f -v

run Tweaks

open teminal

mkdir ~/.poshthemes

wget https://github.com/JanDeDobbeleer/oh-my-posh/releases/latest/download/themes.zip -O ~/.poshthemes/themes.zip

unzip ~/.poshthemes/themes.zip -d ~/.poshthemes

chmod  u+rw ~/.poshthemes/*.json

bash -c "$(wget -qO- https://git.io/vQgMr)"

shoose : Everforest Dark Hard

bash -c "$(wget -qO- https://git.io/vQgMr)"

shoose : Everforest Light Hard

finish logout ubuntu

Create certificate with openssl command to install on IIS (windows 2019)

 Create certificate with openssl command to install IIS

#Create csr and praivatekey

openssl genrsa -out faxconkey.key 2048

chmod a-w faxconkey.key

openssl req -out faxconcsr.csr -key faxconkey.key -new -sha256

#copy file .csr and .key to windows server for gen file cert

open browser http://servertest/certsrv/

login: user Administrator domain

passwd:

-> Request certificate

-> Advanced certificate request

-> open file .csr with notepad and copy text file on .csr to generate cer

-> Certificate template : Web Server

-> Submit

-> Download file certificate

-> Convert .cer to .pfx

c:\Program Files\OpenSSL-Win64\bin>openssl pkcs12 -export -in D:\Certificate\test\faxconcer.cer -inkey D:\Certificate\test\faxconKey.key -out D:\Certificate\test\certificate-faxcon.pfx

Enter passwd key:

-> Install file .pfx to IIS server by import

Fix issue window server 2019 shutdown automatice when running 1-2 hour.

 fix by activate windows use free lic 6 time with in 3 year.

Run Powershell with Administrato and run command

dism /Online /Get-TargetEditions

dism /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEula

Reboot system.

Create self certificate on Centos 5.3 (Mail Server)

Reference Website: isp mailserver with virtual users domains postfix dovecot mysql centos5.0

-----------------------------------------

mkdir -p /etc/postfix/ssl/certificate

cd /etc/postfix/ssl/certificate

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key

openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 365 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365

-----------------------------------------

Check certificate

openssl x509 -in cacert.pem -text -noout

Mount cifs centos 7.9 server - windows share file

run command: 

sudo mount -t cifs -o username=shareusername,password=sharepassword //server/share /mnt

Ref: mount cifs

Activate windows 11 to permanent

 ref: Activate windows 10-11

Activating Windows Pro Permanently

Note: This method requires you to have a Microsoft account connected! This is the method most people may use as this one activates it PERMANENT.

1. Press + R to open the Run menu.
2. Enter 'powershell' in the box of the Run menu.
3. Press Ctrl + Shift + Enter.
4. In the PowerShell window, enter the following command and press Enter: irm https://massgrave.dev/get | iex
5. Wait until the windows for the activation tool pops up.
6. Choose the option for HWID Activation by pressing the key associated with it.
7. Wait until it completes. It might give an SKU value error, but it will complete successfully. If it doesn't try again a few times and it should work.

Check windows license

slmgr /dlv

slmgr /dli

การเพิ่ม Mouse Huawei CD20 ใน Ubuntu 22.04

 1. แก้ไขไฟล์ Bluetooth

sudo vim /etc/bluetooth/main.conf

ControllerMode = dual
ControllerMode = le -> แบบนี้ก็แอดเมาส์ได้แต่ มันจะเลื่อนเมาส์ช้ากว่า dual

2. Restart service Bluetooth

sudo systemctl restart bluetooth.service

check bluetooth status

sudo systemctl status bluetooth.service

3. Add mouse

3.1 command

sudo bluetoothctl

- devices  -> ดูอุปกรณ์

- scan on/off

- trust DD:FD:66:FB:6D:E9 -> mac address mouse

- connect DD:FD:66:FB:6D:E9

- pair DD:FD:66:FB:6D:E9

** ขั้นตอนนี้ให้กดเมาส์แชร์ไฟสีแดงไว้ ไม่งั้นจะเชื่อมต่อไม่ได้

How to access Remote Desktop RDP openSUSE

Refferen from https://drive.google.com/file/d/1iAW0FSXUsTIwjEMI3lg_7EbCYCaQabbN/view 

1) Run the following command to install xfce if not installed (if installed already nothing will happen):

	sudo zypper install -t pattern xfce

2) Install and enable XRDP
	sudo zypper install xrdp xorgxrdp
	sudo systemctl enable xrdp
	sudo systemctl start xrdp

3) If your OS firewall is running. Allow RDP (TCP port 3389) through the firewall:
	sudo systemctl status firewalld
	sudo firewall-cmd --permanent --zone=public --add-port=3389/tcp
	sudo firewall-cmd --reload

** ถ้าเครื่องใช้ KDE, Gnome Desktop ไม่ต้องรันก็ได้
4) Set your user to use XFCE for RDP
	echo "xfce4-session" > /home/YOUR_USERNAME/.xsession