Deploy

The certificate must be valid: although the frontend nginx has proxy_ssl_verify off;, STARTTLS still requires a valid certificate. The service should be restarted every 3 months to use the latest renewed certificate, just like nginx does.

docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key:/etc/ssl/private/iRedMail.key:ro -v /srv/conf/acme-sh/mail.recolic.net/fullchain.cer:/etc/ssl/certs/iRedMail.crt:ro -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --restart=always --hostname func.mail.recolic.net 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net /sbin/init

If you cannot connect to the database, run chown -R mysql:mysql mysql inside the container. (Required if the mysql dir has been updated.)

Upgrade from lower version

If you upgraded the mysql version, you must use the following commands to migrate the data, rather than simply copying /var/lib/mysql. See more.

mysqldump -u root -p --all-databases > alldb.sql
mysql -u root -p < alldb.sql

Upgrade steps:

  1. Export alldb.sql from the old iredmail.
  2. Export alldb.sql from the new iredmail.
  3. Manually move all user data from the old iredmail to the new iredmail. (Take care!!! The DB table format may have changed!)
  4. Import the manually modified new-iredmail-alldb.sql into the new db and save the resulting /var/lib/mysql directory. Use this as your new mysqlDir!!

Recolic's further customization (image built at 20201021)

After making the further modifications below, recolic is using 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net in PROD. https://git.recolic.net/recolic/notebook#mailrecolicnet

Disable heavy clamav, but do not disable DKIM! https://docs.iredmail.org/completely.disable.amavisd.clamav.spamassassin.html

Disable greylisting, which causes email from bankofchina to be lost. Also enable reject_sender_login_mismatch. https://docs.iredmail.org/manage.iredapd.html

Fix the Facebook problem. https://docs.iredmail.org/upgrade.iredmail.0.9.9-1.0.html#fixed-fix-improper-helo-rule-which-blocks-new-facebook-servers

Allow a larger attachment size. https://docs.iredmail.org/change.mail.attachment.size.html

Set session timeout to 99999 min: https://forum.iredmail.org/topic8839-iredmail-support-howwhere-to-increase-timeout-session-via-roundcube.html

DNS record guide

https://docs.iredmail.org/setup.dns.html

Manual DKIM:

echo -n "v=DKIM1; p="
openssl rsa -in /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key  -pubout -outform der 2>/dev/null | openssl base64 -A

iredmail docker fresh deploy

YOU MUST CREATE /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key and /srv/conf/acme-sh/mail.recolic.net/fullchain.cer BEFORE ANYTHING!


docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /srv/conf/acme-sh/mail.recolic.net/mail.recolic.net.key:/etc/ssl/private/iRedMail.key:ro -v /srv/conf/acme-sh/mail.recolic.net/fullchain.cer:/etc/ssl/certs/iRedMail.crt:ro -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --hostname func.mail.recolic.net jrei/systemd-ubuntu /sbin/init
docker exec -ti rmail /bin/bash

In docker:

echo func.mail > /etc/hostname
echo 127.0.0.1 func.mail.recolic.net func.mail localhost localhost.localdomain >> /etc/hosts

apt update
apt install -y gzip vim wget rsyslog
systemctl enable rsyslog --now

wget https://github.com/iredmail/iRedMail/releases/download/1.3.1/iRedMail-1.3.1.tar.gz
tar -xvzf iRedMail-1.3.1.tar.gz ; rm iRedMail-1.3.1.tar.gz
cd iRedMail-* ; bash iRedMail.sh

NOW you have some interactive operations!

No need to edit the mail storage path.

recolic note: db password/postmaster password is genpasswd('mail.recolic.net', v4)

Would you like to use firewall rules by iRedMail? NO!

docker commit rmail 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net-20.04
docker push 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net-20.04

Do not delete the generated dir /srv/iredmail while building the image. You need the dir /srv/iredmail/mysql as a template to migrate into.

Current Content

Minecraft 1.12, TerrafirmaCraft-TNG. Please download to see the mod pack.

It's completely ok to use your own Minecraft client. Just copy-paste my mods folder.

Join Server

  1. Download client. Visit MyHMS and search for minecraft112. Download the latest version. (if you don't know how to de-compress, use 7-zip)

  2. Start game. HMCL.exe for windows, or HMCL.jar for Linux/MacOS/Windows/BSD/...

  3. Server address: mc.recolic.net or mc.recolic.cc (if you're in P.R. China). Server location: Suzhou Unicom, PRC.

Problem:

The Win10 LTSE N version is too low; unable to install Surface Laptop drivers.

Idea:

Open msi with notepad++, replace all text "17763" with your win10 version. Don't replace other "17763" in the binary...

Quick solution:

  1. Download me and me.

  2. Run SurfaceLaptop3_Win10_17763_316_bluescreen_but_works_20.020.4371.0.msi. You will bluescreen, but it works. Rebooting.

  3. Run SurfaceLaptop3_Win10_17763_20.020.4371.0.msi

  4. Done.

Mirror

If you're inside the Great Firewall and unable to download anything, you may use this mirror site: https://recolic.cc/res/fuckgfw-mirror

Shadowsocks

Check this: https://shadowsocks.org/en/download/clients.html

NOTE:

ArchLinux and Ubuntu users: Install from your official repo:

# pacman -S shadowsocks
# apt install shadowsocks

For Chinese:

For iOS in the China region, Outline is recommended. Install it now, while it has not yet been taken down. Just search for it in the App Store.

ShadowsocksR

wiki

https://github.com/iMeiji/shadowsocks_install/wiki/ShadowsocksR-%E5%8D%8F%E8%AE%AE%E6%8F%92%E4%BB%B6%E6%96%87%E6%A1%A3

linux server/client

use branch manyuser.

https://github.com/shadowsocksr-backup/shadowsocksr

ArchLinux server/client

AUR shadowsocksr

Windows Client

https://github.com/shadowsocksrr/shadowsocksr-csharp/releases

Android client

https://github.com/shadowsocksr-backup/shadowsocksr-android/releases

v2ray

https://www.v2ray.com/en/awesome/tools.html

NOTE:

Ubuntu and ArchLinux users, you can install from your official repo:

# pacman -S v2ray
# apt install v2ray

OpenVPN

  • ArchLinux/Ubuntu:
# pacman -S openvpn
# apt install openvpn
  • Other Linux:

Try your package manager before referring to this webpage: https://openvpn.net/community-resources/installing-openvpn/

  • Windows:

PLEASE download OpenVPN community version!!!

https://openvpn.net/community-downloads/

Use "WINDOWS 64-BIT MSI INSTALLER" or "WINDOWS 32-BIT MSI INSTALLER"

  • Router: Use your google.

udp2raw

  • ArchLinux

pacman -S udp2raw-tunnel

Ubuntu also has udp2raw in its apt repo.

  • Other Linux (including router):

https://github.com/wangyu-/udp2raw-tunnel

  • Other OS (windows/MacOS/BSD):

https://github.com/wangyu-/udp2raw-multiplatform

udp-forwarder-ex

https://github.com/recolic/udp-forwarder-ex

Notice: Domain Issue

recolic.net is ALWAYS my main domain, use it if possible.

However, recolic.net has been attacked by P.R.China government since 2019.

"recolic.net" in all URL could be replaced by "recolic.cc". Only use it as a workaround if you're fucked by china Great Firewall DNS pollution attack. Read more about this: https://recolic.net/

IPLC Proxy [NO HEAVY TRAFFIC]

Please login to view information. https://git.recolic.net/root/premium-proxy

Public Proxy Nodes [Allow Any Heavy Traffic]

USA/California and PRC/HongKong: Shadowsocks:

ss://chacha20-ietf-poly1305:[email protected]:25551
ss://chacha20-ietf-poly1305:[email protected]:25551

Or encoded url:

ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpyZWNvbGljLmZ1Y2tpbmcuY3BjQGJhc2UudXMxMi5yZWNvbGljLmNjOjI1NTUx#RECOLIC-US12
ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpyZWNvbGljLmZ1Y2tpbmcuY3BjQGJhc2UuaGsyLnJlY29saWMuY2M6MjU1NTE#RECOLIC-HK2

We use AEAD methods to avoid being fucked. https://shadowsocks.org/en/spec/AEAD-Ciphers.html

Download Software

Refer to this article.

View realtime node status

https://recolic.net/status

fake sudo

A script to allow a normal user to launch a root shell after providing a KEY file.

On Android, I don't want to root my phone, but I still need root access.

So I installed this script instead of SuperSU.

runas.cc

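#include <rlib/sys/unix_handy.hpp>
#include <rlib/opt.hpp>
#include <unistd.h>  // setuid, setgid, geteuid, getegid
#include <string>
#include <vector>

int main(int argc, char **argv) {
    rlib::opt_parser args(argc, argv);
    // Key file path from -k (empty if not given; the script then uses ./key).
    auto keyFile = args.getValueArg("-k", false, "");

    // The binary is setuid/setgid root: copy the effective IDs into the real IDs
    // so that bash does not drop the privileges on startup.
    setuid(geteuid());
    setgid(getegid());

    // NOTE: "runas.impl.sh" is a relative path and is resolved against the
    // caller's working directory, and the caller's environment is inherited.
    rlib::execs("/bin/bash", std::vector<std::string>{"runas.impl.sh", keyFile});
}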

runas.impl.sh

#!/bin/bash
# Usage: 1. Generate your key file, and keep it secret. Get its SHA256 and write it down at `answer`.
#        2. Compile runas.cc, Then run the following commands as root:
#               chmod +s ./runas
#        3. Try `./runas -k ./key` as normal user.
#
# File Permissions:
# 
# -rwsr-sr-x 1 root    root    82K Apr 18 19:29 runas*
# -rw-r--r-- 1 recolic recolic 320 Apr 18 19:29 runas.cc
# ---------- 1 root    root    733 Apr 18 19:35 runas.impl.sh*


[ "$1" = "" ] && key_file_name="./key" || key_file_name="$1"
echo "Verifying '$key_file_name'..."

#### Verify key file
checksum=$(sha256sum "$key_file_name" | sed 's/ .*$//g')
answer='07ecd901c90ee7a72efdc0d7e7b47c2b8d02b5a9cfcbb9ae4f0f31561d01af04'

if [ "$checksum" = "$answer" ]; then
    bash
else
    echo 'Verification failed.'
    exit 2
fi

exit $?
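
A stricter form of the runas launcher, as an added example that is not the author's code: it runs the script from an absolute path only after checking that the file is root-owned and not group- or world-writable, and it starts bash with a fixed environment instead of the caller's. The install path /usr/local/libexec/runas.impl.sh, the helper names script_is_trusted and clean_env, and the PATH value are assumptions (a typical Linux layout, not Android).

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical install path; the page does not say where the script lives.
static const char *kScript = "/usr/local/libexec/runas.impl.sh";

// Trust the script only if the path is absolute, it is a regular file (lstat,
// so a symlink fails), it belongs to `owner`, and group/other cannot write it.
bool script_is_trusted(const std::string &path, uid_t owner) {
    if (path.empty() || path[0] != '/') return false;
    struct stat st;
    if (lstat(path.c_str(), &st) != 0) return false;
    if (!S_ISREG(st.st_mode)) return false;
    if (st.st_uid != owner) return false;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

// Fixed environment for the child: the caller's PATH, BASH_ENV, IFS and LD_*
// are not passed on, so sha256sum and sed resolve to the system binaries.
std::vector<std::string> clean_env() {
    return {"PATH=/usr/sbin:/usr/bin:/sbin:/bin", "HOME=/root", "LANG=C"};
}

int main(int argc, char **argv) {
    // Same interface as the original: ./runas -k <keyfile>
    const char *key = (argc == 3 && std::strcmp(argv[1], "-k") == 0) ? argv[2] : "./key";
    if (!script_is_trusted(kScript, 0)) {
        std::fprintf(stderr, "refusing to run %s: failed trust check\n", kScript);
        return 1;
    }
    // Make the real IDs match the effective ones; stop if either call fails.
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        std::perror("setgid/setuid");
        return 1;
    }
    std::vector<std::string> env = clean_env();
    std::vector<char *> envp;
    for (auto &e : env) envp.push_back(&e[0]);
    envp.push_back(nullptr);
    char *const args[] = {const_cast<char *>("/bin/bash"), const_cast<char *>(kScript),
                          const_cast<char *>(key), nullptr};
    execve("/bin/bash", args, envp.data());
    std::perror("execve");  // only reached if exec failed
    return 1;
}
```

The trust check covers the script file itself; the directories above it must also be writable by root only.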

I bought a cheap motherboard and realized that I have no cable for 10-pin (motherboard) to 15-pin VGA. And things got worse after I realized that my USB2TTL cable is not working for the RS232 serial port.

Then... I have to install archlinux WITHOUT monitor. But, fortunately, I have a KEYBOARD!

ArchISO

I was too lazy to modify ArchISO. I just plug in the ARCHISO usb stick and a blank harddisk, and boot; then a new client appears on my router. The dhcpcd is working out of the box!

The router told me the IP: 192.168.1.7

Then I type the following characters on my keyboard:

curl https://recolic.cc/setup/ | bash
systemctl start sshd

recolic.org is my self-hosted website, and I can access the nginx access.log to confirm that the command above has succeeded. The setup script will download my public key, and put it into /root/.ssh/authorized_keys, and configure the permission bits to make sshd happy.

Now try ssh [email protected]. It works.

Installation

It's very simple to install Arch Linux. archfi made it easy.

Post-installation

After shutting down the machine, remove the harddisk from the motherboard, and use another WORKING linux laptop to mount this harddisk. Do the following things:

mount BOOT partition and ROOT partition to /mnt
arch-chroot into it
install openssh, dhcpcd
systemctl enable sshd, dhcpcd
Modify /etc/ssh/sshd_config to allow RootLogin.
Set the root password if you have not already done so.
Put your public key into /root/.ssh/authorized_keys and set the permissions properly.
done

Good. Plug the harddisk into the headless machine, it should boot and be ready for ssh-into.

Question

Q: Why not plug the harddisk into another machine, and install the Archlinux OS?

A: Then you need to boot from archiso, and perform grub-install, to allow booting the new OS. Then you have to do everything I have done.

Remove wine file associations. https://askubuntu.com/questions/323437/how-to-prevent-wine-from-adding-file-associations

fuck-wine-mime.sh

#!/bin/bash
# Prevent the fucking wine to add mime file association.
# Implements https://askubuntu.com/questions/323437/how-to-prevent-wine-from-adding-file-associations

set -o xtrace

rm -f ~/.local/share/mime/packages/x-wine*
rm -f ~/.local/share/applications/wine-extension*
rm -f ~/.local/share/icons/hicolor/*/*/application-x-wine-extension*
rm -f ~/.local/share/mime/application/x-wine-extension*

sudo sed -i 's/winemenubuilder.exe -a -r/winemenubuilder.exe -r/g' /usr/share/wine/wine.inf

if [[ "$WINEPREFIX" = "" ]]; then
    WINEPREFIX="$HOME/.wine"
fi

if [[ -f "$WINEPREFIX/system.reg" ]]; then
    sed -i 's/winemenubuilder.exe -a -r/winemenubuilder.exe -r/g' "$WINEPREFIX/system.reg"
fi

MIFARE GUIDE FOR HUST

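A summary of working methods/tools for copying MIFARE cards, using the ACR122U A9 tool. The copied card contains only the UID, so it can only be used to enter the library/dormitory buildings, not to make payments.

Linux

Install libnfc: sudo pacman -S libnfc. The tutorial below was tested and works on ArchLinux (Linux 5.1.4).

If a command fails with a message such as NFC device not found, use sudo or unplug and replug the device.

Read/Dump

You can dump an existing campus card, or directly convert the golden-yellow number at the bottom right of the back of the campus card into the UID.

In testing, mfoc/mfcuk/nfc-mfclassic did not work well, so I modified mfoc to dump the campus card.

  • mfoc

For HUST campus cards, use the patched mfoc: https://github.com/recolic/mfoc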

Build:

autoreconf --install ; ./configure ; make

Crack And Dump:

src/mfoc -O output.dmp
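  • Direct conversion (recommended)

You can use the golden number at the bottom right of the back of the campus card to obtain the card's UID data directly.

This is a POC. The code clearly explains how to compute all the data you need from the yellow number; you can study it, but you may not be able to compile it directly. https://github.com/recolic/mfoc/blob/master/tools/nToData.cc

The output of the code above is the first 8 bytes of the campus card's data. The remaining data is identical on all cards; you can find a template in template.dump at https://github.com/recolic/mfoc.

Write

The blank MIFARE card/key fob you buy must support writing block 0.

  • nfc-mfclassic

You can change B to A/a/b. See the nfc-mfclassic documentation for their meaning.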

nfc-mfclassic W B u output.dump

Sample input and output of a successful run:

~/t/mfoc ❯❯❯ sudo nfc-mfclassic W B u output.dump
NFC reader: RFCARD / RF1258V603 PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 04  00  
       UID (NFCID1): aa  aa  aa  aa  
      SAK (SEL_RES): 08  
Guessing size: seems to be a 1024-byte card
Sent bits:     50  00  57  cd  
Sent bits:     40 (7 bits)
Received bits: a (4 bits)
Sent bits:     43  
Received bits: 0a  
Card unlocked
Writing 64 blocks |................................................................|
Done, 64 of 64 blocks written.

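I found that some key fobs can only have the UID written once and are then locked forever. They are single-use products; this is normal.

Windows

The seller included software, so I am just posting the link. I recommend downloading the driver yourself from the official ACR122U website. Tested and works on Windows 10.

https://dl.recolic.net/res/NFCIO.zip

It contains an old version of the driver, TagReader.exe and UIDWriter.exe: one reads and one writes.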

Rough procedure for exporting Android QQ chat history

tested on android 6 tencent qq

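  1. Find a way to copy out the /data/data/com.tencent.*/databases directory. I assume you know how to do this.

  2. Run the following commands. I assume you know how to install/use sqlite and know the basics of Linux.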

$ sqlite3 872222222-IndexQQMsg.db
sqlite> .output /home/recolic/extraDisk/tmp/tmp.out
sqlite> select * from IndexContent_content ;
sqlite> .quit

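Take the output file and run qqmsg_decoder.py below on it. If you need custom features such as filtering, I assume you know how to use Python.

Note that this chat history seems to be incomplete; something always seems to be missing. Additions are welcome.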

qqmsg_decoder.py

#!/usr/bin/env python3
# $ sqlite3 872222222-IndexQQMsg.db
# sqlite> .output /home/recolic/extraDisk/tmp/tmp.out
# sqlite> select * from IndexContent_content ;
# sqlite> .quit

import sys
import base64
import datetime

############## User defined
def _filter(line):
    #return '111222333' in line
    #return '257112220' in line
    return True
##############

def decode_qtimestamp(s):
#    print('debug', s, file=sys.stderr)
    if s == '':
        return 0
    ts = base64.b64decode(s)[4:8]
    return sum([int(ts[i])*(256**(3-i)) for i in range(4)])

def timestamp_to_str(int_ts):
    return datetime.datetime.fromtimestamp(int_ts).strftime('%Y-%m-%d %H:%M:%S')

with open(sys.argv[1]) as f: 
    cont = f.read()

for line in cont.split('\n'):
    if line == '':
        continue
    ar = line.split('|')
    timestamp = timestamp_to_str(decode_qtimestamp(ar[-1]))
    ar = ar[:-1]
    line = '|'.join([ar[0]] + [base64.b64decode(ele.encode()).decode(errors='ignore') for ele in ar[1:]])
    line += '|' + timestamp
    if _filter(line):
        print(line)