23 August 2017

RHEL7: Firewalld

firewall-cmd --list-all-zones
firewall-cmd --get-active-zones
firewall-cmd --info-zone=public

firewall-cmd --permanent --new-zone=testZ
firewall-cmd --permanent --zone=testZ --add-source=192.168.43.0/24
firewall-cmd --permanent --zone=testZ --add-source=192.168.31.0/24
firewall-cmd --permanent --zone=testZ --add-service={ssh,http,https}
firewall-cmd --reload
firewall-cmd --info-zone=testZ

firewall-cmd --permanent --zone=trusted --remove-source=192.168.31.0/24
firewall-cmd --permanent --zone=trusted --remove-service={smtp,dns}

firewall-cmd --zone=public --add-interface=ens160

Without --permanent this interface binding is runtime only: it is gone after the next firewall-cmd --reload or a service restart, so repeat it with --permanent if it is meant to persist. A source bound to a zone (--add-source) takes precedence over the interface's zone, so packets from 192.168.43.0/24 arriving on ens160 are handled by testZ, not by public.

firewall-cmd --get-services

17 August 2017

MySQL user with ip range

For a host value given as an IPv4 address, a netmask can be appended to say how many address bits make up the network number; netmask notation cannot be used with IPv6 addresses. The syntax is host_ip/netmask. For example:

CREATE USER 'david'@'192.58.197.0/255.255.255.0';

This lets david connect from any client whose address satisfies client_ip & netmask = host_ip, i.e. 192.58.197.0 through 192.58.197.255. MySQL 5.6 accepts only 8-, 16-, 24- or 32-bit masks (255.0.0.0, 255.255.0.0, 255.255.255.0, 255.255.255.255) and does not understand CIDR notation such as 192.58.197.0/24; later releases lifted both restrictions. The comparison is made against the source address the server sees, so every host behind the same NAT qualifies. Do not leave a 'david'@'%' row next to this one: MySQL picks the most specific matching host row, and a second account with its own password simply widens access.

https://dev.mysql.com/doc/refman/5.6/en/account-names.html

02 August 2017

Apache config for an SSL Labs A+ rating

SSLEngine on
SSLProtocol TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5:!EDH:!3DES:!CAMELLIA:!AES128
SSLHonorCipherOrder on
Header always set Strict-Transport-Security "max-age=31536000"

SSLProtocol TLSv1.2 means "TLS 1.2 only": clients that speak nothing newer than TLS 1.0 or 1.1 will fail the handshake, which is the price of the grade. SSLHonorCipherOrder on makes the server's cipher list win over the client's preference. The Header directive needs mod_headers loaded; "always" makes the HSTS header go out on error responses too, and SSL Labs wants a long max-age for A+, so one year is a safe value (add includeSubDomains only if every subdomain is served over HTTPS).
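The following Python script is an added example, not code from the original post: it audits a VirtualHost fragment against the policy behind the directives above (TLS 1.2 or newer only, server-chosen cipher order, anonymous and MD5 ciphers excluded, HSTS set with "always" and a long max-age). The two configs embedded in it are constructed samples; the six-month HSTS threshold and the set of checks are the script's own assumptions, not SSL Labs' published grading rules.

```python
import re

# Constructed sample: the page's own directives as a VirtualHost fragment.
GOOD_CONF = """
SSLEngine on
SSLProtocol TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5:!EDH:!3DES:!CAMELLIA:!AES128
SSLHonorCipherOrder on
Header always set Strict-Transport-Security "max-age=31536000"
"""

# Constructed sample of a typical legacy config: every protocol except SSLv2,
# the client picks the cipher, and a short HSTS lifetime that is dropped on error pages.
WEAK_CONF = """
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
Header set Strict-Transport-Security "max-age=300"
"""

# Versions mod_ssl's "all" keyword can stand for (TLSv1.3 from Apache 2.4.36 on).
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_HSTS_AGE = 15768000  # six months; assumed policy for this audit
REQUIRED_EXCLUSIONS = ("!aNULL", "!MD5")


def directives(text):
    """Yield (name, arguments) for each non-comment line; later duplicates win in dict()."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            yield parts[0], parts[1] if len(parts) > 1 else ""


def allowed_protocols(args):
    """Resolve mod_ssl's SSLProtocol list (all, +X, -X, plain X) into the enabled set."""
    enabled = set()
    for tok in args.split():
        remove = tok.startswith("-")
        name = tok.lstrip("+-")
        versions = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - versions if remove else enabled | versions
    return enabled


def audit_ssl_conf(text):
    """Return a list of findings; an empty list means the fragment meets the policy."""
    found = dict(directives(text))
    findings = []
    if found.get("SSLEngine", "").lower() != "on":
        findings.append("SSLEngine is not on")
    if "SSLProtocol" not in found:
        findings.append("SSLProtocol not set; inherits the server-wide default")
    else:
        legacy = allowed_protocols(found["SSLProtocol"]) & LEGACY
        if legacy:
            findings.append("SSLProtocol enables legacy versions: " + ", ".join(sorted(legacy)))
    if found.get("SSLHonorCipherOrder", "").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on; the client picks the cipher")
    suite = found.get("SSLCipherSuite", "").split(":")
    for excl in REQUIRED_EXCLUSIONS:
        if excl not in suite:
            findings.append(f"SSLCipherSuite does not contain {excl}")
    # HSTS is matched on the raw text so the optional "always" keyword is visible.
    hsts = re.search(r'^Header\s+(always\s+)?set\s+Strict-Transport-Security\s+"([^"]*)"',
                     text, re.M | re.I)
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        if not hsts.group(1):
            findings.append("HSTS header lacks 'always'; not sent on error responses")
        age = re.search(r"max-age=(\d+)", hsts.group(2))
        age = int(age.group(1)) if age else 0
        if age < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age {age} is below {MIN_HSTS_AGE}")
    return findings


if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(label, audit_ssl_conf(conf) or "OK")
```

Run it against a real fragment by reading the file into audit_ssl_conf(); the protocol resolver is the part worth keeping, since "all -SSLv3" looks safe at a glance but still leaves TLS 1.0 and 1.1 on.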

24 July 2017

Setup DNSSEC on BIND DNS Server

Enable DNSSEC by adding the following directives inside options { }
# vi /etc/named.conf
dnssec-enable yes;
dnssec-validation yes;

A third directive, dnssec-lookaside auto;, used to go with these. It turns on DNSSEC Lookaside Validation against ISC's dlv.isc.org registry, which ISC retired in 2017, so leave it out.

Create a Zone Signing Key (ZSK)
# dnssec-keygen -r /dev/urandom -a NSEC3RSASHA1 -b 2048 -n ZONE example.tld

Create a Key Signing Key (KSK)
# dnssec-keygen -r /dev/urandom -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE example.tld

Both keys use NSEC3RSASHA1 (algorithm 7), which signs with SHA-1; RSASHA256 (-a RSASHA256, algorithm 8) or ECDSAP256SHA256 (algorithm 13) are the current recommendations and work with the same commands. -r /dev/urandom keeps key generation from blocking on older BIND releases that read /dev/random by default; newer releases ignore the option.

Add the public keys (the DNSKEY records) to the zone file.
# for key in Kexample.tld*.key; do echo "\$INCLUDE $key" >> db.example.tld; done

Sign the zone with dnssec-signzone.
# dnssec-signzone -e +3024000 -N INCREMENT -o example.tld -t db.example.tld

This writes db.example.tld.signed; point the zone's file directive in named.conf at the .signed file and reload. -e +3024000 makes the signatures expire 35 days after signing and -N INCREMENT bumps the serial, so the zone must be re-signed before then (from cron, or let named handle it with auto-dnssec maintain; and inline-signing yes;), otherwise validating resolvers will mark it bogus.

Get the DS record, which goes to the registrar for publication in the parent zone
# cat dsset-example.tld
or derive it from the published DNSKEY (the two forms below are equivalent; both read dig's output from stdin):
# dig @ns.example.com example.tld dnskey | dnssec-dsfromkey -f /dev/stdin example.tld
# dig @ns.example.com example.tld dnskey | dnssec-dsfromkey -f - example.tld

Check the resulting chain of trust with:
http://dnsviz.net
https://dnssec-debugger.verisignlabs.com
http://viewdns.info/dnssec/

27 June 2017

PHP mail() best practice

<?php
$to     = "dest@domain.tld";
$from   = "from@domain.tld";
$reply  = "reply@domain.tld";
$return = "bounce@domain.tld";   // envelope sender: bounces come back here
$cc     = "cc@domain.tld";

// Never let CR or LF into a header value: a newline in $from, $reply or $cc
// taken from user input lets the sender inject extra headers (Bcc, more recipients).
foreach ([$to, $from, $reply, $return, $cc] as $addr) {
    if (!filter_var($addr, FILTER_VALIDATE_EMAIL) || preg_match('/[\r\n]/', $addr)) {
        exit("invalid address");
    }
}

// RFC 5322 separates headers with CRLF; the PHP manual notes that some Unix MTAs
// (notably qmail) turn LF into CRLF themselves, which is why "\n" is used here.
$headers  = "From: " . $from . "\n";
$headers .= "Reply-To: " . $reply . "\n";
$headers .= "Cc: " . $cc . "\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: text/html; charset=UTF-8\n";

$message = "This is message<br>";

$subject = "This is subject";

// -f sets the envelope sender (Return-Path). It has to be concatenated: PHP does
// not interpolate inside single quotes, so '-f $return' would hand sendmail the
// literal text "$return". mail() passes this argument through escapeshellcmd().
mail($to, '=?utf-8?B?' . base64_encode($subject) . '?=', $message, $headers, '-f' . $return);

What is the behavior difference between return-path, reply-to and from?

1. The Return-Path (sometimes called the Reverse-Path or Envelope-FROM -- all of these terms can be used interchangeably) is the value used during the SMTP session. As you can see, this does not need to be the same value that is actually found in the mail headers. Only the recipient's mail server is supposed to add a Return-Path header to the top of the email. This records the actual Return-Path sender during the SMTP session. If a Return-Path header already exists in the email, then that header is to be removed, and replaced by the recipient's mail server.

All bounces that occur during the SMTP session should go back to the Return-Path value. Some servers may accept all email, and then queue it locally, until it has a free thread to deliver it to the recipient's mailbox. If the recipient doesn't exist, it should bounce it back to the recorded Return-Path value.

Note, not all mail servers obey this rule. Some mail servers will bounce it back to the FROM address.

2. The FROM address is the value actually found in the FROM header. This is supposed to be who the message is FROM. This is what you see as the "FROM" in most mail clients. If an email does not have a Reply-To header, then all human (mail client) replies should go back to the FROM address.

3. The Reply-To header is added by the sender (or the sender's software). It is where all human replies should be addressed to. Basically, when the user clicks "reply", the Reply-To value should be the value used as the recipient of the newly composed email. The Reply-To value should not be used by any server. It is meant for client side use.

https://stackoverflow.com/questions/1235534/what-is-the-behavior-difference-between-return-path-reply-to-and-from