Categories
Music

FFMPEG – Converting DSF to FLAC

When converting SACD DSF audio files to FLAC (or any other PCM type format) the conversion process will most likely introduce distortion in the upper frequencies. In order to eliminate this you need to use the lowpass filter during the conversion process. This post is mainly so I won’t forget.

These are the ffmpeg commands I used to convert to regular FLAC. To convert to 24bit FLAC use s32 for the sample format.

for i in *.dsf; do ffmpeg -i "$i" -af "lowpass=24000, volume=6dB" -sample_fmt s16 -ar 48000 "${i%.*}.flac"; done
Categories
Fedora Sendmail

Sendmail – LetsEncrypt and verify=OK

How To Configure LetsEncrypt and Sendmail Properly

This documentation pulls from a form post on FreeBSD from user Kuli.
https://forums.freebsd.org/threads/sendmail-and-letsencrypt.57675/

LetsEncrypt certificates aren’t listed in the main distributed ca-bundle.crt. The confCACERTand confCACERT_PATH configurations are two independent configurations that don’t really have anything to do with each other. When verifying certificates, it looks in the confCACERT_PATH for individual hashed files of root certificates. The confCACERTwill be configured with the intermediary LetsEncrypt chain.pem. Sendmail will then be happy to verify=OK the certificates. Do note that, it appears the majority of mail servers are using certificates that can’t be verified. So you will see a lot of NO. It’s better than FAIL. The script works with Fedora and probably any variant of Linux. Your experience may vary.

2021 Update!

I have discovered a much better way to generate the hashed ca files! I really struggled with the shell script. I have only tested this with Fedora 33, though I suspect it should work on other distributions.

Sendmail Configuration

define(CERT_DIR',/etc/letsencrypt/live/<your site>')
define(confCACERT_PATH',/usr/local/etc/ssl/ROOT')
define(confCACERT',CERT_DIR/chain.pem')
define(confSERVER_CERT',CERT_DIR/cert.pem')
define(confSERVER_KEY',CERT_DIR/privkey.pem')
define(confCLIENT_CERT',CERT_DIR/cert.pem')
define(confCLIENT_KEY',CERT_DIR/privkey.pem')

Create the CACERT_PATH files

2021 New Easy Way:

#p11-kit extract --format=openssl-directory --filter=ca-anchors --overwrite /usr/local/etc/ssl/ROOT/

Old Kinda Broken Shell Script Way:

#!/bin/sh
#Separate the root cert into files each with only one cert and name hashed

RCert=/etc/ssl/certs/ca-bundle.crt
DESTDIR=/usr/local/etc/ssl/ROOT
mkdir -p $DESTDIR
cd $DESTDIR
rm -f *
cat $RCert | sed -E '/^(Certificate:|SHA1 Fingerprint|#| |$)/d' | awk 'BEGIN {c=0;} /BEGIN TRUS/{c++} { print > "cert." c ".pem"}'

for a in ls $DESTDIR
do
    mv $a openssl x509 -hash -noout < $a.0
done