How to renew Certificate Revocation List

If you get the following error:

VERIFY ERROR: depth=0, error=CRL has expired

it means that the Certificate Revocation List is expired and needs to be renewed. (Rationale). Here’s how you can do that.

Checking the expiration period:

openssl crl -in <strong>ca-crl.pem</strong> -text | grep 'Next Update'

To renew run:

openssl ca -gencrl -config ca.conf -out ca-crl.pem

 

To modify the interval change default_crl_days.

Vim: vim behaves as vi and drives you nuts – how to fix

For some reason vim on Debian went crazy and stopped worked as vim. This is how to make it work like vim instead of vi.

cp /usr/share/vim/vim74/vimrc_example.vim ~/.vimrc

and change

" In many terminal emulators the mouse works just fine, thus enable it.
if has('mouse')
set mouse=a
endif

to

" In many terminal emulators the mouse works just fine, thus enable it.
if has('mouse')
set mouse=r
endif

Hooray.

Postfix: send email using another Postfix

Some host providers block all email ports (like TCP/25 and TCP/587). Here’s  simple of example of how to setup two STMP servers, where SMTP1 is a relay server (forwarder), and SMTP2 uses SMTP1 to send email. Both are using default configuration files with slight changes.

SMTP1 (smart host) 

This config line allows SMTP2 to send email without SMTP authorization. For the sake of security it would make sense to restrict access to port 2525 using iptabes.

mynetworks = 127.0.0.1 <IP_of_SMTP2>

This goes to /etc/postfix/main.cf.

And the following

2525 inet n - n - - smtpd

goes to /etc/postfix/master.cf on SMTP1. So that Postfix opens TCP port 2525.

SMTP2

Add this to /etc/postfix/main.cf on SMTP2.

smtp_always_send_ehlo = yes<br />relayhost = 199.101.134.4:2527<br /><br />

After restart you should be able to send emails from SMTP2 via SMTP1‘s using port 2525.