Restrict RoundCube login username to one domain

Roundcube is client software for accessing IMAP mailboxes. If you came to this post, I’m sure you’ve already figured out that Roundcube does not restrict domains in the login form, which means that as long as your username and password are OK, you can basically use any domain you like in your username field. Ex: @gmail.com, @yahoo.com etc.

This is not something that Roundcube deals with, because it should be taken care of in your IMAP server configuration; if the IMAP server does not check your full username (domain included) and allows access with any other domain, you get access :). However, even if it is taken care of on your IMAP server, handling this in Roundcube will prevent an unnecessary request to your IMAP server.

One of the configuration options in Roundcube appends the domain to a login that was typed as a bare username.
Ex: if you type only “username” in the username field, without the “@domain.com”, Roundcube can append the “@domain.com” for you. This is helpful only for IMAP servers that require full e-mail addresses for login. You can specify this by editing the $config['username_domain'] variable in config/defaults.inc.php

By default that variable is blank as below:

$config['username_domain'] = '';

Above that variable you’ll find a short description of the options it can be set to, one of which you might assume is the one to use:

%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)

But when your Roundcube installation is on a different host/domain than the domain needed to authenticate on your IMAP server, that will not help; in that case set your domain explicitly, as follows:

$config['username_domain'] = 'yourdomain.com';

Now if you type “username” (without the domain) in the username field, Roundcube will append “@yourdomain.com” and the request to your IMAP server will carry the username “username@yourdomain.com”. If you do specify a domain in the username field, however, the login request is made with that domain, which in this case can be anything (@gmail.com, @yahoo.com etc).

Track user last-login with Dovecot and MySQL in Postfix setup

This will help you to set up SQL based user last-login tracking.
Beware of potential SQL injection holes if you allow users to have special characters in usernames.

Create a MySQL table named “lastauth”

CREATE TABLE IF NOT EXISTS `lastauth` (
  `user` char(32) NOT NULL,
  `remote_ip` char(18) NOT NULL,
  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`user`)
);

Create the bash script in /usr/bin/trackAuth.sh

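#!/bin/bash

# $USER > login username
# $IP > remote ip address
# Both values are placed into the SQL below unescaped (see the warning above).

MYSQL_USER='USERNAME'
PASSWD='PASSWORD'
DB_HOST='DBHOST'
DB_NAME='DNAME'

# Check whether this user already has a row in lastauth.
CHECK_USER=$(mysql -h"${DB_HOST}" -u"${MYSQL_USER}" -p"${PASSWD}" "${DB_NAME}" -AN -e "SELECT user from lastauth WHERE user='$USER' LIMIT 1")

# Quoted so that an empty result does not break the test.
if [ "$CHECK_USER" = "$USER" ]; then

    # Existing user: refresh the address and timestamp.
    if [ X"${USER}" != X"dump-capability" ]; then
        mysql -h"${DB_HOST}" -u"${MYSQL_USER}" -p"${PASSWD}" "${DB_NAME}" >/dev/null 2>&1 <<EOF
UPDATE lastauth SET remote_ip="$IP", timestamp=NOW() WHERE user='$USER';
EOF
    fi

else

    # First login seen for this user: create the row.
    if [ X"${USER}" != X"dump-capability" ]; then
        mysql -h"${DB_HOST}" -u"${MYSQL_USER}" -p"${PASSWD}" "${DB_NAME}" >/dev/null 2>&1 <<EOF
INSERT INTO lastauth (user, remote_ip, timestamp) VALUES("$USER", "$IP", NOW());
EOF
    fi

fi

# Hand control to the command passed as arguments.
exec "$@"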
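
A hardened variant of the script above, as an added example (not the original author's script): it refuses any $USER or $IP containing characters outside an allowlist before building the SQL, replaces the SELECT plus UPDATE/INSERT with one upsert on the primary key, and reads the MySQL credentials from an option file instead of the command line. The option-file path and the function names are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened variant of the trackAuth.sh idea.
# $USER is the login username and $IP the remote address, as in the script above.

USER_MAX=32   # width of lastauth.user in the table above
IP_MAX=18     # width of lastauth.remote_ip; widen both together for IPv6
DB_NAME='DNAME'
MYSQL_CNF='/etc/dovecot/trackauth.cnf'   # hypothetical path: [client] host/user/password, mode 0600

# Allowlist for login names: letters, digits, . _ + - and at most one @.
valid_user() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le "$USER_MAX" ] || return 1
    case $1 in
        *[!A-Za-z0-9._@+-]*) return 1 ;;   # quote, backslash, space, semicolon, ...
        *@*@*) return 1 ;;                 # more than one @
    esac
}

# Character allowlist for addresses (IPv4 or IPv6 text), not a full address parser.
valid_ip() {
    [ "${#1}" -ge 2 ] && [ "${#1}" -le "$IP_MAX" ] || return 1
    case $1 in
        *[!0-9A-Fa-f:.]*) return 1 ;;
    esac
}

# Print one upsert statement, or fail without output if either value is unsafe.
build_sql() {
    [ "$1" != "dump-capability" ] || return 1   # skipped, as in the original script
    valid_user "$1" && valid_ip "$2" || return 1
    printf "INSERT INTO lastauth (user, remote_ip) VALUES ('%s', '%s') " "$1" "$2"
    printf "ON DUPLICATE KEY UPDATE remote_ip = '%s', timestamp = NOW();\n" "$2"
}

# Record the login; a rejected value or a database error never blocks the login.
track_login() {
    sql=$(build_sql "$USER" "$IP") || return 0
    printf '%s\n' "$sql" | mysql --defaults-extra-file="$MYSQL_CNF" "$DB_NAME" >/dev/null 2>&1 || true
}

# In the real wrapper the last two lines would be:  track_login; exec "$@"
# Demo on constructed values (no database is contacted):
build_sql 'alice@yourdomain.com' '192.0.2.10'
build_sql "x' OR '1'='1" '192.0.2.10' || echo 'rejected: unsafe username'
```
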

Set up NRPE (v2.13) with xinetd in ubuntu server 14.04

Update the software repo, install gcc, create temporary installation dirs, create the nagios user, install xinetd, download and compile NRPE…

apt-get update
apt-get install gcc -y
mkdir /tmp/download
useradd nagios -s /bin/false
mkdir /usr/local/nagios
chown nagios:nagios /usr/local/nagios
cd /tmp/download
apt-get install xinetd -y
wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.13/nrpe-2.13.tar.gz
wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
tar zxvf nrpe-2.13.tar.gz
cd nrpe-2.13
# --disable-ssl builds NRPE without SSL, so check traffic is sent unencrypted
./configure --disable-ssl --with-nrpe-user=nagios --with-nrpe-group=nagios --with-nagios-user=nagios --with-nagios-group=nagios --libexecdir=/usr/local/nagios/libexec/ --bindir=/usr/local/nagios/bin/ --prefix=/usr/local/nagios
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
update-rc.d xinetd defaults

Edit /etc/xinetd.d/nrpe

nano -w /etc/xinetd.d/nrpe

Add the IP address of the monitoring Nagios server:

only_from = 127.0.0.1 <ip_address_of_monitoring_server>

Edit /etc/services

nano -w /etc/services

Make sure the line ‘nrpe 5666/tcp # NRPE’ is in the file, or add it at the end, then save, exit and restart xinetd:

service xinetd restart
netstat -at | grep nrpe

Install nagios-plugins

cd ../
tar zxvf nagios-plugins-2.1.1.tar.gz
cd nagios-plugins-2.1.1
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

The NRPE config file (nrpe.cfg) is located at /usr/local/nagios/etc/nrpe.cfg
You can add different commands in there.

HACCSY – Hackerspace Access Control and Check in System

The abbreviation HACCSY stands for Hackerspace Access Control and Check in System, and that’s pretty much what it does.

The HACCSY app is meant to run on a Raspberry Pi that’s connected to the internet and to the front door’s electric strike lock. It does the job of a simple Check in System and Door Access Control System (2 in 1): it queries a REST service, handing it the RFID card scanned in at the card reader, and the service returns ‘true’ if the key owner owes less than 2 months’ worth of their monthly payment and ‘false’ otherwise. It does the same for checking in and out. The computer then sends the signal to the door lock actuator to open the door if ‘true’ was returned, or does nothing if ‘false’. It has a check IN/OUT button to indicate Check IN or Check OUT. It also has a backlit LCD display that shows messages for the user, and an RGB LED that turns RED for Access Denied, GREEN for Access Granted and WHITE to indicate offline mode. Through the REST API, you can also let others see whether the hackerspace is open or not. See a working example in the website header at http://www.prishtinahackerspace.org

Code available on GitHub

HACCSY is built with the following hardware and electronic components:

Wiki Loves Monuments photo competition running for the second year in Albania and Kosova

Wiki Loves Monuments is an international photo contest for monuments running this September, organized by Wikimedia globally, as well as FLOSSK in Kosovo and Open Labs Albania.

Cultural heritage is an important part of the knowledge that Wikipedia collects and disseminates. Everybody can contribute images as well as write articles. An image is worth a thousand words, in all languages at once, and enthusiastic people can (re)discover the cultural, historic, and scientific significance of their neighborhoods by uploading photos to Wikimedia.

In 2012, Wikipedia volunteer communities in 35 countries joined this initiative. In 2014 nearly 40 countries all over the world are participating through national contests organized with their national monuments, partners, rules, events and winners.

Prishtina Hackerspace: We made it on Kickstarter

Every little bit counts, and your bits certainly gave us more than a byte. Prishtina Hackerspace is your success, as much as it is ours now.

Thanks to people’s generous support on Kickstarter, Prishtina Hackerspace now has the necessary means to have a sustained impact and be the source of even more community-based innovative projects.

We managed to reach our goal of $15,000 in funding, and we ended up with a total of ~$17,000.

See the campaign here: https://www.kickstarter.com/projects/1731685895/lets-build-a-hackerspace-in-kosovo

My speech at TEDx Prishtina – 2014

“I am what I am because of who we all are” says the Ubuntu philosophy from a Southern African region, which is based on the belief in a universal bond of sharing that connects all humanity. That’s how Free and Open Source communities try to function globally.

I’ve been a community guy since the age of 14. That was when I started my professional journey, and that was also when I joined Kosovo’s tech community.

Being a part of this community has led me to ask some questions: How can my work impact the community around me, and how can communities change societies?

At 14, I joined FLOSSK, a nonprofit whose acronym stands for “Free Libre Open Source Software Kosova”, a not for profit organization that had just been conceived at that time – back then, a small group of people with one cause in common: that of free and open source software and knowledge. That cause quickly became my way of life, and an indivisible part of me.