DRBD: Extend DRBD Disk Online
When using DRBD, we can grow a DRBD disk online, so we do not need to disturb the production processes running on the server. This feature requires that the backing block device can be resized online, which makes it possible to resize the DRBD disk. Two criteria must be met:
1. The backing device must be managed by a logical volume manager such as LVM.
2. The resource must currently be in the Connected connection state.
First, we need to grow the backing device on both nodes and make sure only one node is in the Primary role.
SMTP: Debugging SMTP with TLS/SSL and Auth
SMTP uses TLS/SSL to secure the connection to the server, and AUTH so that only authenticated users can use the SMTP service. This tutorial shows the steps to debug SMTP TLS/SSL and AUTH from a Linux/Unix terminal.
- Encode your login information in base64. The following perl command, which requires MIME::Base64, does the encoding:
perl -MMIME::Base64 -e 'print encode_base64("\000your_username\000your_password")'
# example output
# AHlvdXJfdXNlcm5hbWUAeW91cl9wYXNzd29yZA==
- Connect to the SMTP server
# normal non-secured SMTP
$ telnet smtp.yourdomain.com 25
# TLS connection, check STARTTLS support with EHLO command
$ telnet smtp.yourdomain.com 25
220 SMTP banner
EHLO smtp.yourdomain.com
250 SMTP banner
250-smtp.yourdomain.com
250-PIPELINING
250-SIZE 36360000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
$ openssl s_client -starttls smtp -crlf -connect smtp.yourdomain.com:25
# SSL connection
$ openssl s_client -crlf -connect smtp.yourdomain.com:465
- Check AUTH support with EHLO command
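The checks from the steps above as a small script (an added example, not part of the original post): it reads a captured EHLO reply, reports whether AUTH is advertised before STARTTLS, and shows that the AUTH PLAIN token from the first step is plain base64 that decodes straight back to the credentials. The AUTH line in the sample reply and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_EHLO is a constructed cleartext EHLO reply; the AUTH
# line and every function name below are assumptions, not from the post.
SAMPLE_EHLO='250-smtp.yourdomain.com
250-PIPELINING
250-SIZE 36360000
250-STARTTLS
250-AUTH PLAIN LOGIN
250 DSN'

# Print the SASL mechanisms from the AUTH capability line ("AUTH " or "AUTH=").
ehlo_auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^250[- ]AUTH[ =]\(.*\)$/\1/p' | head -n 1
}

# Succeed if the reply advertises STARTTLS.
ehlo_has_starttls() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eq '^250[- ]STARTTLS$'
}

# Classify a reply captured before STARTTLS was issued.
ehlo_cleartext_verdict() {
    mechs=$(ehlo_auth_mechs "$1")
    if [ -z "$mechs" ]; then
        echo "ok: no AUTH offered before TLS"
    elif ehlo_has_starttls "$1"; then
        echo "warn: AUTH ($mechs) offered before STARTTLS"
    else
        echo "fail: AUTH ($mechs) offered and STARTTLS missing"
    fi
}

# Build the AUTH PLAIN token: base64 of NUL user NUL password.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token; NUL separators are shown as '|'. Base64 is not encryption.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

ehlo_cleartext_verdict "$SAMPLE_EHLO"
auth_plain_decode "$(auth_plain_token your_username your_password)"; echo
```

A "warn" or "fail" verdict on port 25 means a client can send the reversible token over an unencrypted session, so treat any token pasted into a cleartext debugging session as an exposed password.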
LVM: Adding New Physical Volume to Volume Group
Linux LVM is a logical volume manager for the Linux kernel. A logical volume manager provides a method of allocating space on mass-storage devices that is more flexible than a traditional partitioning scheme. A logical volume manager can create, resize, and combine partitions, potentially without interrupting the system. (Wikipedia)
Scenario: new device /dev/sda
1. create needed partitions, label them with 8e (Linux LVM)
# fdisk /dev/sda
2. format partitions
# mkfs.ext4 /dev/sda1
3. create physical volume
# pvcreate /dev/sda1
4. extend existing volume group
# vgextend VolGroup00 /dev/sda1
5. extend existing logical volume
extend LogVol01 to 16GB
# lvextend -L 16G /dev/VolGroup00/LogVol01
add 1GB to LogVol01
# lvextend -L +1G /dev/VolGroup00/LogVol01
6. resize the filesystem on the logical volume to the new size
# resize2fs /dev/VolGroup00/LogVol01
7. create new logical volume
create new logical volume with size 16GB
# lvcreate -L 16GB -n LogVol02 VolGroup00
create new logical volume with all free space
# lvcreate -l 100%FREE -n LogVol02 VolGroup00
8. format new logical volume
# mkfs.ext4 /dev/VolGroup00/LogVol02
Reference: http://sujithemmanuel.blogspot.com/2007/04/how-to-add-disk-to-lvm.html
iSCSI+LVM: Automatically Enable a Volume Group Containing an iSCSI Disk Physical Volume
When using iSCSI and LVM, we sometimes have to manually enable the iSCSI disk that is used as a physical volume in LVM. This is because the LVM service is started earlier than the iSCSI service, so the iSCSI disk containing the physical volume is not present yet. The solution to this problem is to enable lvmetad in /etc/lvm/lvm.conf. lvmetad is the “LVM metadata daemon”, which acts as an in-memory cache of LVM metadata gathered from devices as they appear in the system. Whenever a block device appears and has a PV label on it, it is automatically scanned via a udev rule. This updates the lvmetad daemon with the LVM metadata found. Once the VG is complete (all the PVs making up the VG are present), the VG is activated. The lvmetad daemon is required for this LVM event-based autoactivation to work, and the iSCSI disk must be present in the system after boot time.
Installing Postfix with Auth SASL and LDAP Support on FreeBSD
Install the packages using FreeBSD ports.
1. Install postfix
# Options for postfix-2.11.0,1
_OPTIONS_READ=postfix-2.11.0,1
_FILE_COMPLETE_OPTIONS_LIST=BDB CDB INST_BASE LDAP_SASL LMDB MYSQL NIS OPENLDAP PCRE PGSQL SASL2 SPF SQLITE TEST TLS VDA DOVECOT DOVECOT2 SASLKRB5 SASLKMIT
OPTIONS_FILE_SET+=BDB
OPTIONS_FILE_SET+=CDB
OPTIONS_FILE_UNSET+=INST_BASE
OPTIONS_FILE_SET+=LDAP_SASL
OPTIONS_FILE_UNSET+=LMDB
OPTIONS_FILE_UNSET+=MYSQL
OPTIONS_FILE_UNSET+=NIS
OPTIONS_FILE_SET+=OPENLDAP
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_UNSET+=PGSQL
OPTIONS_FILE_SET+=SASL2
OPTIONS_FILE_UNSET+=SPF
OPTIONS_FILE_UNSET+=SQLITE
OPTIONS_FILE_SET+=TEST
OPTIONS_FILE_SET+=TLS
OPTIONS_FILE_UNSET+=VDA
OPTIONS_FILE_UNSET+=DOVECOT
OPTIONS_FILE_UNSET+=DOVECOT2
OPTIONS_FILE_UNSET+=SASLKRB5
OPTIONS_FILE_UNSET+=SASLKMIT
2. install openldap
# Options for openldap-client-2.4.38
_OPTIONS_READ=openldap-client-2.4.38
_FILE_COMPLETE_OPTIONS_LIST=FETCH
OPTIONS_FILE_UNSET+=FETCH
3. install cyrus-sasl2
# Options for cyrus-sasl-2.1.26_4
_OPTIONS_READ=cyrus-sasl-2.1.26_4
_FILE_COMPLETE_OPTIONS_LIST=ALWAYSTRUE AUTHDAEMOND KEEP_DB_OPEN OBSOLETE_CRAM_ATTR BDB MYSQL PGSQL SQLITE2 SQLITE3 CRAM DIGEST LOGIN NTLM OTP PLAIN SCRAM
OPTIONS_FILE_UNSET+=ALWAYSTRUE
OPTIONS_FILE_SET+=AUTHDAEMOND
OPTIONS_FILE_UNSET+=KEEP_DB_OPEN
OPTIONS_FILE_SET+=OBSOLETE_CRAM_ATTR
OPTIONS_FILE_UNSET+=BDB
OPTIONS_FILE_UNSET+=MYSQL
OPTIONS_FILE_UNSET+=PGSQL
OPTIONS_FILE_UNSET+=SQLITE2
OPTIONS_FILE_UNSET+=SQLITE3
OPTIONS_FILE_SET+=CRAM
OPTIONS_FILE_SET+=DIGEST
OPTIONS_FILE_SET+=LOGIN
OPTIONS_FILE_SET+=NTLM
OPTIONS_FILE_SET+=OTP
OPTIONS_FILE_SET+=PLAIN
OPTIONS_FILE_SET+=SCRAM
4. install cyrus-sasl2-saslauthd
# Options for cyrus-sasl-saslauthd-2.1.26
_OPTIONS_READ=cyrus-sasl-saslauthd-2.1.26
_FILE_COMPLETE_OPTIONS_LIST=BDB HTTPFORM OPENLDAP
OPTIONS_FILE_SET+=BDB
OPTIONS_FILE_SET+=HTTPFORM
OPTIONS_FILE_SET+=OPENLDAP
5. install postfwd
# Options for postfix-postfwd-1.32_1
_OPTIONS_READ=postfix-postfwd-1.32_1
_FILE_COMPLETE_OPTIONS_LIST=DOCS EXAMPLES POSTFWD2
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=POSTFWD2
6. configure /usr/local/lib/sasl2/smtpd.conf
log_level: 3
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
7. configure /usr/local/etc/saslauthd.conf
ldap_servers:
ldap_bind_dn:
ldap_bind_pw:
ldap_search_base:
ldap_auth_method: ssha
ldap_time_limit: 4
ldap_filter:
8. configure /usr/local/etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
9. configure /usr/local/etc/postfwd.conf
id=RULE001
sasl_username=~/^(\S+)$/
action=rcpt(sasl_username/200/3600/DEFER Too much emails for $$sasl_username)
10. configure /etc/rc.conf
postfix_enable="YES"
saslauthd_enable="YES"
saslauthd_flags="-a ldap"
postfwd_enable="YES"
Reference: http://ashterix.blogspot.com/2008/10/freebsd-postfix-sasl-openldap.html
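A small linter for the SASL settings configured in the Postfix steps above, added here as an example and not part of the original post: it joins main.cf continuation lines, then reports a missing or mistyped smtpd_sasl_auth_enable and the absence of smtpd_tls_auth_only, a standard Postfix parameter the post does not set, without which the PLAIN and LOGIN mechanisms from mech_list are accepted on unencrypted sessions. The sample fragment and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_MAIN_CF is constructed from the step 8 settings, with
# one deliberately mistyped key; function names are assumptions.
SAMPLE_MAIN_CF='mtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination'

# Join main.cf continuation lines (leading whitespace) into logical lines,
# dropping blank lines and comments.
cf_logical() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }'
}

# Print the value of parameter $2 from logical lines $1 (last setting wins).
cf_get() {
    printf '%s\n' "$1" |
        sed -n "s/^${2}[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" | tail -n 1
}

# Print one finding per line; no output means every check passed.
lint_sasl() {
    cf=$(cf_logical "$1")
    [ "$(cf_get "$cf" smtpd_sasl_auth_enable)" = yes ] ||
        echo "smtpd_sasl_auth_enable is not yes (missing or mistyped key)"
    # Postfix defaults this to no, so PLAIN/LOGIN would be accepted without TLS.
    [ "$(cf_get "$cf" smtpd_tls_auth_only)" = yes ] ||
        echo "smtpd_tls_auth_only is not yes"
    opts=$(cf_get "$cf" smtpd_sasl_security_options)
    case "${opts:-noanonymous}" in    # unset means the default, noanonymous
        *noanonymous*) ;;
        *) echo "smtpd_sasl_security_options lacks noanonymous" ;;
    esac
    case "$(cf_get "$cf" smtpd_recipient_restrictions)" in
        *reject_unauth_destination*) ;;
        *) echo "smtpd_recipient_restrictions lacks reject_unauth_destination" ;;
    esac
}

lint_sasl "$SAMPLE_MAIN_CF"
```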
FreeBSD Check TCP/UDP Open Port or Services
In this short tutorial I will show how to check open TCP/UDP ports or services on a FreeBSD box. To check open ports, or the services that use a port, on FreeBSD, simply issue the following commands.
- Check TCP connections
sockstat -Ptcp
- Check UDP connections
sockstat -Pudp
Combine with grep to search for the port used by a specific service, or the service using a specific port.
- Use grep to get the service or port
sockstat -Ptcp | grep <port number>
sockstat -Ptcp | grep -i <service name>
sockstat -Pudp | grep <port number>
sockstat -Pudp | grep -i <service name>