Vodafone Mobile Broadband on Ubuntu with wvdial


May 14th, 2008

UPDATE! See my newer post on this for a better solution.

I have a vodafone mobile broadband. My modem is a external USB dongle: Huawei E220. It was detected automagically by Ubuntu 8.04 (x86) when I plugged it in. I use wvdial to connect, with this configuration:

aj@aj-laptop:~$ cat /etc/wvdial.conf
[Dialer Defaults]
New PPPD = yes
[Dialer vf]
Phone = *99***1#
Username = vodafone
Password = vodafone
Stupid Mode = 1
Dial Command = ATDT
Modem = /dev/ttyUSB0
Baud = 460800
Init2 = ATZ
Init3 = ATE0V1&D2&C1S0=0+IFC=2,2
ISDN = 0
Modem Type = Analog Modem
Init5 =AT+CGDCONT=1,"IP","vfinternet.au";

To connect to the net:

  • Install wvdial
  • Plug in the modem
  • Open a terminal window
  • wvdial vf
  • Leave the terminal window open and press ctrl-c to disconnect.
    • Comment (0)

    Postfix, Dovecot, Mailscanner on CentOS: notes


    May 4th, 2008

    Notes on setting up the following:

    • Postfix 2.3
    • Dovecot 1.0
    • MailScanner 4.68.8

    On CentOS 5.

    Postfix is setup with all domains as virtual domains, delivering to Maildirs in an arbitrary location. Virtual alias maps is implemented as hash db.

    Dovecot makes the maildirs availble via IMAP. Authentications details are stored in a flat file.

    MailScanner is configured to scan all incoming mail with SpamAssassin and ClamAV. It delivers all mail with modified headers only (no untraceable bouncing or subject mangling).

    SMTP-AUTH is enabled with Postfix deferring to Dovecot.

    Basic SMTP sender checks are done in postfix (including RBLs).

    TLS is enabled for all systems.

    Postfix

    main.cf settings to remember:

    • header_checks = regexp:/etc/postfix/header_checks -- to stick everything incoming into the Hold queue for MailScanner. Remove if not using MailScanner.
    • inet_interfaces = localhost, mx.bluebottle.net.au
    • smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org – RBLs as desired
    • smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname — don’t use reject_unknown_helo_hostname, breaks too many real servers
    • smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    • smtpd_sasl_auth_enable = yes
    • smtpd_sasl_path = private/auth – the same path as in dovecot conf
    • smtpd_sasl_type = dovecot
    • smtpd_tls_cert_file = /etc/pki/postfix/certs/postfix.pem
    • smtpd_tls_key_file = /etc/pki/postfix/private/postfix.pem
    • smtpd_tls_security_level = may

    openssl req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365
    chown root:root $CERTFILE $KEYFILE
    chmod 0600 $CERTFILE $KEYFILE

    OPENSSLCONFIG:
    [ req ]
    default_bits = 1024
    encrypt_key = yes
    distinguished_name = req_dn
    x509_extensions = cert_type
    prompt = no
    [ req_dn ]
    C=AU
    ST=Western Australia
    L=Perth
    O=bluebottle.net.au
    OU=SMTP server
    CN=mx.bluebottle.net.au
    emailAddress=postmaster@bluebottle.net.au
    [ cert_type ]
    nsCertType = server

    CERTFILE:
    /etc/pki/postfix/certs/postfix.pem

    KEYFILE:
    /etc/pki/postfix/private/postfix.pem

    • virtual_mailbox_domains = bluebottle.net.au
    • virtual_alias_maps = hash:/etc/postfix/virtmap
    • virtual_mailbox_maps = hash:/etc/postfix/virtdeliver
    • virtual_mailbox_base = /home/vmail
    • virtual_uid_maps = static:5000 – whatever the vmail UID is
    • virtual_gid_maps = static:5000

    /etc/postfix/virtmap:
    # Contains all the addresses this server accepts
    # And their mappings to final address
    # Don’t forget postmap /etc/postfix/virtmap
    alex@bluebottle.net.au        alex@bluebottle.net.au
    root@bluebottle.net.au        root@bluebottle.net.au
    abuse@bluebottle.net.au        root@bluebottle.net.au

    /etc/postfix/virtdeliver:
    # Contains mappings from accepted addresses to
    # local mailbox location
    alex@bluebottle.net.au                  bluebottle.net.au/alex/
    root@bluebottle.net.au                  rootemails/

    Dovecot

    Generate SSL certificate. vi `locate dovecot-openssl.cnf` to edit details. Then exec `locate dovecot-1.0/examples/mkcert.sh`.

    • mail_location: maildir:/home/vmail/%d/%n
    • auth default { mechanisms = plain login cram-md5 — cram-md5 is aka hmac-md5 in non-current versions of Dovecot. This lets you logon with the password hash, eg ‘Secure Authentication’ in Thunderbird and a few other clients
    • … passdb passwd-file { args = /home/vmail/passwd }
    • … userdb static { args = uid=vmail gid=vmail /home/vmail/%d/%n/ }
    • … socket listen { client { path = /var/spool/postfix/private/auth ; mode = 0660 ; user = postfix ; group = postfix } }

    /home/vmail/passwd:
    # Contains username and password for all user accounts
    # Take note how username interacts with mail_location
    # Generate password hash with dovecotpw
    alex@bluebottle.net.au:{HMAC-MD5}999999a9bc23ca3b828faf15f9efb17152f71d9d0e5bc473194a05cebe34eaf
    rootemails:{HMAC-MD5}999999a5e380b6b4ff3c1805c6d8661456dd2565c6d9fe63e5fe72c78cc4941

    MailScanner

    • Install via RH RPM from http://mailscanner.info/downloads.html
    • Setup according to http://mailscanner.info/postfix.html
    • Install the “ClamAV and SpamAssassin easy installation package” from downloads page above

    Requires much tweaking to make it not modify the message apart from adding headers:

    • Scan Messages = %rules-dir%/scan.messages.rules – you want to exclude your own domain(s) so nothing coming from your domain is listed as spam (especially for users sending via SMTP-AUTH from a dynamic IP range, which will set off various RBLs)
    • Dangerous Content Scanning = no
    • Mail Header = X-%org-name%-MailScanner-VirusCheck: – the default never made much sense to me
    • #Information Header = X-%org-name%-MailScanner-Information: – useless
    • Clean Header Value = Clean ; Infected Header Value = Infected ; Disinfected Header Value = Disinfected
    • Always Include SpamAssassin Report = no
    • Multiple Headers = add
    • Sign Clean Messages = no
    • Mark Infected Messages = no
    • Mark Unscanned Messages = no
    • Notify Senders = no really not a good idea
    • Scanned Modify Subject = no ; Virus Modify Subject = no — etc etc
    • Add Watermark = yes ; Watermark Secret = %org-name%-Secret-111111 – set this section as appropriate
    • Max SpamAssassin Size = 200k trackback
    • Spam Actions = deliver header “X-Spam-Status: Yes”
    • High Scoring Spam Actions = deliver header “X-Spam-Status: Yes”
    • Non Spam Actions = deliver header “X-Spam-Status: No”
    • MCP Checks = no

    /etc/MailScanner/rules/scan.messages.rules:
    # We want to scan everything by default, but ignore mail that is sent from our SMTP-AUTH users.
    #They’ll probably be in a dynamic IP range which is in various RBLs like the PBL.
    From:           bluebottle.net.au       no
    FromOrTo:       default                 yes

    Other Notes:

    • postfix reload (may require a stop; start for some settings)
    • service dovecot restart
    • service MailScanner restart (also restarts postfix)
    Comment (1)

    Archives

    Misc