Welcome to Myatu's

The site that has been wasting bits and bytes daily, since 2008!

Most recent blog entries

Quick Note: Disable SSLv3 in OpenLDAP with GnuTLS

October 15, 2014 | comments

Due to the SSL POODLE vulnerability, it is best to remove support for the outdated SSLv3 protocol.  As OpenLDAP with GnuTLS is a beast of its own, here’s the quick change to remove SSLv3 support:

cat > nossl.ldif <<EOF
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: SECURE256:-VERS-SSL3.0


ldapmodify -Y EXTERNAL -H ldapi:/// -f nossl.ldif

And we’re done! Obviously, if you already have olcTLSCipgerSuite, then use “replace” instead of “add”.

A quick test:

~# gnutls-cli-debug -p 636
Resolving ''...
Connecting to ''...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... yes
Checking fallback from TLS 1.1 to... N/A
Checking for TLS 1.2 support... yes
continue reading →
by Spider.Dog

Postfix’s killed trivial-rewrite by signal 11

September 21, 2014 | comments

I was setting up a small VPS as a backup e-mail server for the two already in place.  What was supposed to be a 15 minute task, particularly as it was being installed using a proven recipe with Puppet, turned into a diagnostic nightmare for hours. Looking back, it really shouldn’t have taken that long to diagnose either, but alas, Google led me astray.

See, everything was installed according to the other servers. Postfix started up fine, but as soon as it would perform a lookup in an LDAP directory, the following error occurred:

Sep 21 00:34:02 server postfix/master[23426]: warning: process /usr/lib/postfix/trivial-rewrite pid 23460 killed by signal 11
Sep 21 00:34:03 server postfix/qmgr[23431]: warning: problem talking to service rewrite: Success
Sep 21 00:34:03 server postfix/master[23426]: warning: process /usr/lib/postfix/trivial-rewrite pid 23461 killed by signal 11
Sep 21 00:34:03 server postfix/master[23426]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
continue reading →

Latest Tweets



Some of my projects

More projects →