Markus Benning – with full speed and blue lights

16. August 201717. August 2017

Using system postfix as mail relay for docker containers

If you configured postfix as a local MTA it will only listen on local network devices. To make it accessible from your docker container add the docker0 interface to inet_interfaces in main.cf:

inet_interfaces = 127.0.0.1, [::1], 172.17.0.1

1	inet_interfaces = 127.0.0.1, [::1], 172.17.0.1

Since the docker interface is started when the docker service starts you have to make sure docker is started before postfix. With systemd you can do this by creating the file /etc/systemd/system/postfix.service.d/after-docker.conf with the content:

[Unit]
After=docker.service

1 2	[Unit] After=docker.service

If you want to sent outgoing mails with a destination other than the local system you can allow this by adding the docker subnet to mynetworks in main.cf:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.1/16

1	mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.1/16

2. January 2017

mtpolicy package included in Debian/unstable

Thanks to Scott Kittermann mtpolicyd found its way into the official Debian repository:

https://packages.debian.org/sid/mtpolicyd

2. September 2016

Talk: Using Gitlab CI/Registry for automated Docker builds

On 1. Sept. 2016 i held a talk about using Gitlab with the built in CI and Registry for an automated Docker workflow at the local Docker Bamberg Meetup.

Agenda:

About Gitlab
1. What is Gitlab?
2. Community of Enterprise?
3. Installation options
Setup Gitlab environment
1. Overview
2. Starting it up
3. Setting up the Gitlab server
4. Setting up the Runner
Setup your personal user account
Setup a project
1. Create the project in gitlab
2. Add a build job to the CI
Run your Docker image
Build versioned releases

Find the slides at:

Online at https://markusbenning.de/slides-gitlab-ci-docker-builds/
Project Repository at https://github.com/benningm/slides-gitlab-ci-docker-builds

14. June 201614. June 2016

Analyze car traffic with Elasticsearch and Kibana

There are currently a lot of construction sites on the my way to work. Therefor i wanted to know when the traffic jams start to occur and whats the best time to get to work.

Google Maps show current traffic on their routing service and “Hey!” there is a API for it: https://developers.google.com/maps/documentation/directions/. You just have to apply for API key there and they give you 2500 queries a day for free.

I started querying the data with curl. Since its a REST API thats really easy:

$ curl -X GET 'https://maps.googleapis.com/maps/api/directions/json?key=<your-key>&origin=<home>&destination=<work>&mode=driving&departure_time=now

1	$ curl -X GET 'https://maps.googleapis.com/maps/api/directions/json?key=<your-key>&origin=<home>&destination=<work>&mode=driving&departure_time=now

That will output a lot of JSON data to your screen. And since elasticsearch is schema-less and also uses JSON getting the data into elasticsearch is also really easy. Just pipe the data into another curl command:

<previous-curl> | curl 'http://localhost:9200/traffic/work/' -d '@-'

1	<previous-curl> \| curl 'http://localhost:9200/traffic/work/' -d '@-'

That will already works, but to build up time series a timestamp is needed within each document. A small script was needed to reformat the document before pushing it to the elasticsearch index:

#!/usr/bin/env perl

use strict;
use warnings;

use LWP::UserAgent;
use JSON;
use Time::Piece;
use Search::Elasticsearch;
use URI;

sub usage {
  print "usage: $0 <from> <to>\n"
}

if( scalar(@ARGV) != 2 ) {
  usage;
  exit 1;
}

my $from = $ARGV[0];
my $to = $ARGV[1];

my $url = URI->new('https://maps.googleapis.com/maps/api/directions/json');
$url->query_form(
  key => '<your-key>',
  mode => 'driving',
  departure_time => 'now',
  origin => $from,
  destination => $to,
);

my $ua = LWP::UserAgent->new;

my $response = $ua->get($url);
if ( ! $response->is_success ) {
  die('could not retrieve data: '.$response->status_line);
}
my $data = from_json( $response->content );

my $es = Search::Elasticsearch->new( nodes => [ 'localhost:9200' ] );

$es->index(
  index   => 'traffic',
  type    => 'google_traffic',
  body    => {
    '@timestamp' => Time::Piece->gmtime->datetime,
    from => $from,
    to => $to,
    %$data,
  }
);

#!/usr/bin/env perl

use strict;

use warnings;

use LWP::UserAgent;

use JSON;

use Time::Piece;

use Search::Elasticsearch;

use URI;

sub usage {

print "usage: $0 <from> <to>\n"

}

if( scalar(@ARGV) != 2 ) {

usage;

exit 1;

}

my $from = $ARGV[0];

my $to = $ARGV[1];

my $url = URI->new('https://maps.googleapis.com/maps/api/directions/json');

$url->query_form(

key => '<your-key>',

mode => 'driving',

departure_time => 'now',

origin => $from,

destination => $to,

);

my $ua = LWP::UserAgent->new;

my $response = $ua->get($url);

if ( ! $response->is_success ) {

die('could not retrieve data: '.$response->status_line);

}

my $data = from_json( $response->content );

my $es = Search::Elasticsearch->new( nodes => [ 'localhost:9200' ] );

$es->index(

index => 'traffic',

type => 'google_traffic',

body => {

'@timestamp' => Time::Piece->gmtime->datetime,

from => $from,

to => $to,

%$data,

}

);

Next step was to run this script every 10 minutes in a cronjob:

*/10 * * * * perl <path>/google-traffic '<from>' '<to>'

1	/10 * * * perl <path>/google-traffic '<from>' '<to>'

And to create a simple visualization in kibana based on the routes.legs.duration_in_traffic.value field:

28. April 201628. April 2016

Test-Driven Infrastructure Talk at Docker-Bamberg

On 28th April I held a talk about Test-Driven Infrastructure at the local Docker-Bamberg Meetup.

Agenda:

Concepts
- Puppet
- Test-Driven Infrastructure
- Behavior-Driven Development
Toolchain
- A toolchain for TDI
Hands on
- Build a simple webserver for serving a Docker Bamberg weblog
Goodies
- Continuous Integration, Monitoring, Documentation, Checklists, Change Evidence build in!

Slide are available at:

https://markusbenning.de/slides-docker-bamberg/test-driven-infrastructure.html

7. November 201513. November 2015

mtpolicyd 1.22 has been released

Version 1.22 has been released.

Get the sources from: https://mtpolicyd.org/download.html or from CPAN.

What has changed:

Added support for LDAP
Support for an global LDAP connection has been added to mtpolicyd. The new plugin LdapUserConfig uses this connection to read parameters from a LDAP server.

22. September 20156. October 2015

mtpolicyd 1.21 has been released

Version 1.21 has been released.

Get the sources from: https://mtpolicyd.org/download.html or from CPAN.

What has changed:

New feature vhost_by_policy_context
New option vhost_by_policy_context will if activated tell mtpolicyd to select the VirtualHost based on the policy_context.For example in postfix main.cf use advanced syntax:

check_policy_service { inet:localhost:12345,
    policy_context=reputation }
  ...
  check_policy_service { inet:localhost:12345,
    policy_context=accounting }

check_policy_service { inet:localhost:12345,

policy_context=reputation }

...

check_policy_service { inet:localhost:12345,

policy_context=accounting }

In mtpolicyd.conf:

port="127.0.0.1:12345"# only 1 port
vhost_by_policy_context=1
<VirtualHost 12345>
  name=reputation
  # ...plugins ...
</VirtualHost>
<VirtualHost 12346>
  name=accounting
  # ...plugins ...
</VirtualHost>

port="127.0.0.1:12345"# only 1 port

vhost_by_policy_context=1

name=reputation

# ...plugins ...

</VirtualHost>

name=accounting

# ...plugins ...

</VirtualHost>

The policy_context feature will be available in postfix 3.1 and later.

New plugin SMTPVerify
The SMTPVerify plugin implements address verification at a remote SMTP server with MAIL FROM and RCPT TO commands. It support the following checks:
- check if the remote SMTP server would accept mail for a address.
  Apply actions or scores if a permanent or temporary error is returnedIf the
- remote server support the SIZE extension the SIZE will be passed to the remote SMTP server. This way it could be checked if the message exceeds the message size limit or the quota limit of the recipient.
- Check if the remote SMTP server announces support for STARTTLS
- Check if there is a TLSA record for the remote SMTP server
- Check if there is OPENPGPKEY for the recipient

18. August 201522. September 2015

mtpolicyd 1.20 has been released

Version 1.20 has been released.

Get the sources from: https://mtpolicyd.org/download.html or from CPAN.

What has changed:

fix SQL connection handling after child fork
Closing the connection after child fork did not cause a reconnect on all DBI versions. Instead do a reconnect by overwriting the previous connection.
improve request logging
mtpolicyd now logs the plugin that caused the result.The new log format is:

Perl

<vhost>: instance=<instance>, type=<type>, t=<time>ms, plugin=<plugin>, result=<result>

1

<vhost>: instance=<instance>, type=<type>, t=<time>ms, plugin=<plugin>, result=<result>

3. August 2015

mtpolicyd 1.19 has been released

Version 1.19 has been released.

Get the sources from: https://mtpolicyd.org/download.html or from CPAN.

New Features:

escape control characters in logs
The logging method in Mail::MtPolicyd now extends the Net::Server
log method with a mechanism to escape control and special characters.

15. March 201515. March 2015

mtpolicyd 1.16 has been released

Version 1.16 has been released.

Get the sources from: https://mtpolicyd.org/download.html or from CPAN.

New Features:

Improved SPF support
The SPF plugins supports now checks on helo and uses postmaster@<heloname> as sender for null-sender mails as defined in RFC. (thx to Scott Kitterman for pointing this out)
Support for Spamassassins AWL reputation
The SaAwlLookup and SaAwlAction plugins can be used to take actions based on the senders reputation stored in Spamassassins AWL database.