Add Authentication to Jitsi Meet

By default Jitsi Meet is open to everyone, so anyone can just enter a name for a conference room and start a conference. As my Jitsi Meet instance is not running on a dedicated server but shares the server with other important functions like DNS, mail etc., I do not want everyone using Jitsi without my permission.

So I needed to add some kind of authentication to Jitsi, which means that only certain authenticated users can start a conference. Once it has been started, everyone can join the conference without further authentication, just like before.

The steps to do that are documented in this article under the subject “Secure domain”.

I just followed the steps 1 to 4 and it worked fine afterwards.

Note: The additional virtual host which you need to create in Prosody (in the example named “”) exists only internally, so you do NOT need to create that hostname in your DNS.

Now if someone enters a conference room, Jitsi tells the user to wait until the conference has been started or, if you are the owner, to open the conference by entering your Prosody user and password.

As soon as the conference room has been opened, all other clients can just join the conference. The room is then available until the last participant leaves the room. During that time, all users can enter without authentication.
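
Whether a Prosody configuration is in the open state or the secure-domain state described above can be checked from the file itself. The script below is an added example, not part of the original post or the Jitsi documentation; the host names `meet.example.com` and `guest.meet.example.com`, the sample file contents and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a Prosody config for the Jitsi "secure domain" setup.
# Host names and file contents below are constructed samples.

# Print "<host> <authentication>" for every VirtualHost block in file $1.
list_vhost_auth() {
    awk '
        /^[[:space:]]*--/ { next }                          # skip Lua comments
        /^[[:space:]]*VirtualHost[[:space:]]/ { split($0, q, "\""); host = q[2]; next }
        /^[[:space:]]*Component[[:space:]]/   { host = ""; next }   # left vhost scope
        host != "" && /^[[:space:]]*authentication[[:space:]]*=/ {
            split($0, q, "\""); print host, q[2]
        }
    ' "$1"
}

# Exit status 0 if VirtualHost $2 in file $1 requires a login, 1 if it uses an
# anonymous mechanism (value ends in "anonymous") or is not defined at all.
main_domain_requires_auth() {
    auth=$(list_vhost_auth "$1" | awk -v d="$2" '$1 == d { print $2; exit }')
    case "$auth" in
        ""|*anonymous) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample configs: default install vs. secure domain.
WORK=$(mktemp -d)
OPEN_CFG="$WORK/open.cfg.lua"
SECURED_CFG="$WORK/secured.cfg.lua"
cat > "$OPEN_CFG" <<'EOF'
VirtualHost "meet.example.com"
    authentication = "anonymous"
EOF
cat > "$SECURED_CFG" <<'EOF'
VirtualHost "meet.example.com"
    -- authentication = "anonymous"
    authentication = "internal_hashed"
VirtualHost "guest.meet.example.com"
    authentication = "anonymous"
EOF

for cfg in "$OPEN_CFG" "$SECURED_CFG"; do
    if main_domain_requires_auth "$cfg" meet.example.com; then
        echo "$cfg: login required to open a room"
    else
        echo "$cfg: anyone can open a room"
    fi
done
```

An anonymous guest host next to an authenticated main host is the expected result of the secure-domain setup; an anonymous main host means rooms can still be opened by anyone.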

Jitsi Meet Installation

I installed a Jitsi Meet instance on my virtual server this weekend. Although it was quite easy following the Quick Install Guide, there were some things which did not work in my environment:

Apache Integration

I have an existing Apache server running on my machine. Although the installation script should automatically recognize Apache and configure it for Jitsi, this did not work for me.

After the installation nothing had changed in my Apache configuration, so I needed to create a new virtual server instance for my Jitsi server URL. There is a template on GitHub which you can use as an example. Do not forget to change “/etc/jitsi/meet/” so that it matches the correct path in your environment (depending on the hostname of your server).

Prosody Integration

I also already had a Prosody XMPP server running on my machine, which is also used by Jitsi.

For my existing server I had a config file called “/etc/prosody/prosody.cfg.lua” which already included a statement “plugin_paths = { … }” to tell Prosody where to find its plugins.

Jitsi added an additional Prosody config file in “/etc/prosody/conf.avail/<your hostname>.cfg.lua” which also included such a statement. This seems to have overruled my existing statement so that my plugins could no longer be found after restarting Prosody.

So I commented out the statement in the new file and added the Jitsi plugin path to my existing config file.
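
The check behind this fix can be scripted: list every file that sets “plugin_paths” and build the single combined statement for the main config. This is an added example, not from the original post; the file names, the sample paths and the function names are constructed, and it assumes each “plugin_paths” table is written on one line.

```sh
#!/bin/sh
# Added example: find competing plugin_paths statements in Prosody config files.
# Assumes each plugin_paths table is written on one line; sample files are constructed.

# Print "<file><TAB><path>" for each entry of each uncommented plugin_paths line.
list_plugin_paths() {
    for f in "$@"; do
        awk -v file="$f" '
            /^[[:space:]]*--/ { next }                  # commented-out statement
            /^[[:space:]]*plugin_paths[[:space:]]*=/ {
                n = split($0, q, "\"")                  # even fields are the quoted paths
                for (i = 2; i <= n; i += 2) print file "\t" q[i]
            }
        ' "$f"
    done
}

# Number of files that assign plugin_paths. More than one means the statements
# compete instead of adding up, which is the situation the post ran into.
count_plugin_path_files() {
    list_plugin_paths "$@" | awk -F '\t' '!seen[$1]++ { n++ } END { print n + 0 }'
}

# One statement holding every path once, in first-seen order, for the main config.
merged_plugin_paths() {
    list_plugin_paths "$@" | awk -F '\t' '
        !seen[$2]++ { list = list (list == "" ? "" : ", ") "\"" $2 "\"" }
        END { print "plugin_paths = { " list " }" }
    '
}

WORK=$(mktemp -d)
MAIN_CFG="$WORK/prosody.cfg.lua"
JITSI_CFG="$WORK/meet.example.com.cfg.lua"
echo 'plugin_paths = { "/usr/local/lib/prosody/modules" }' > "$MAIN_CFG"
cat > "$JITSI_CFG" <<'EOF'
-- plugin_paths = { "/tmp/disabled" }
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
EOF

if [ "$(count_plugin_path_files "$MAIN_CFG" "$JITSI_CFG")" -gt 1 ]; then
    echo "plugin_paths is set in more than one file; keep a single statement:"
    merged_plugin_paths "$MAIN_CFG" "$JITSI_CFG"
fi
```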

Connection Error

In the log file “/var/log/jitsi/jicofo.log” there were many errors like

The reason was that my existing Prosody server was only listening on its external IPv4 and IPv6 addresses but not on “localhost”. To solve that I just removed the line “c2s_interfaces=” from my Prosody config file and restarted Prosody. It now listens on all interfaces including “localhost” and the error disappeared.

After doing that, Jitsi Meet worked fine.

If you are using Jitsi you should be aware that there currently is a problem with the current version of Firefox which sometimes leads to bad video / sound quality. So it is recommended to use either a Chromium-based browser or the Jitsi app, which is available for Windows, Mac, Linux, iOS and Android.

Switchable Wi-Fi Sockets with Tasmota

If anyone is looking for switchable Wi-Fi sockets for their smart home that do not need a Chinese cloud and can be controlled via MQTT (e.g. for integration into FHEM, OpenHAB etc.):

I found sockets from Avatar (also available in a 4-pack) which, unlike the Sonoff S20, can be flashed with Tasmota over the air, i.e. wirelessly, without fiddling with cables. In addition, the sockets have integrated power measurement and they are cheaper.

Flashing with TUYA-CONVERT really works without problems. See also this article.

However, you need a Linux machine with a Wi-Fi adapter that can act as an access point. For this I used a Raspberry Pi with its internal Wi-Fi adapter and a factory-fresh Debian Buster.

Afterwards you can integrate the sockets, like all devices running Tasmota, into your smart home via web or MQTT.

For me the sockets replace the last radio-controlled sockets in the 432 MHz range, which simply did not switch reliably and, above all, have no return channel. So you cannot tell whether the switching command was successful. With Tasmota you can.

Anyone who needs such sockets should grab them quickly. Of course, it is always possible that the manufacturer closes the gap needed for over-the-air flashing in a new firmware version.

Windows 10: Delete Orphaned Network Adapters

I just had the issue that VirtualBox showed me two network adapters when I chose to create a bridged network. However, both network adapters no longer existed, and none of the normal Windows commands let you see or delete these adapters.

Even searching the registry for the adapter names did not get a result back.

I then found this solution here.

The registry key where the adapter entries are stored is hidden even from a user running with administrative permissions.

You need to run the “regedit” command with “TrustedInstaller” privileges in order to see and delete them.

You can use this tool here to do this.

You then find the orphaned entries under this registry key and can just delete them there:

As always: Export the entries before you delete them. Just in case …

SpamAssassin: Train Bayes Recognition

To train the Bayes recognition of SpamAssassin you need a large amount of spam mail which you can feed to SpamAssassin. Normally you would not have that much spam if you are just running your personal mail server.

However, you can download spam mails from the Spam Archive.

Just download the archives you want (I recommend using only newer archives, e.g. from the last 2 years) and then run the “sa-learn” command of SpamAssassin. I did it like this:

Linux Backup to Synology NAS

With the following command you can back up data from a Linux server to a Synology NAS:

The parameters have the following meaning:

<backup user>: User on NAS with permissions to use rsync to the target share

<synology host>: Hostname / IP of your Synology NAS device (if it is located remotely, you need to make sure that it is reachable via port 873/TCP)

<synology file share>: The name of the target file share on your Synology host where you want to back up the data

In the file “/root/rsync_pass” you store the rsync password of the user <backup user>. Make sure to restrict the permissions of that file (“chmod 600 /root/rsync_pass”).

This command synchronizes the directories included in the “{}” brackets including the complete filename. Deleted files in the source will be deleted in the target as well, so that you have an exact copy of your source.

To restore files you can use the following command (Example: Restore “/etc/” with all subfolders into the target directory “/restore”):

Unfortunately this will preserve the file and directory permissions but not the original owner of the directory/file. This will work if you use another Linux server as your backup device but I have not found a solution for a Synology NAS device.

Migrate IMAP account from Google Mail to Dovecot IMAP

I just needed to migrate all mails from a Google mail account to a Dovecot IMAP server. I did this with a tool called “Imapsync”.

I just wanted to synchronize all mails from the Google sent mail folder to the “Sent” folder of Dovecot and all mails from the Google “All Mails” view to a folder called “Archive” of the Dovecot account.

You need to make sure that you synchronize the “Sent” mails first, as these are also included in the “All Mails” view and otherwise will not be added to the “Sent” folder in addition.

This is the command I used for the migration:

With the “--exclude” option you can specify which folders should not be synchronized. I excluded the Inbox as I just wanted to sync all mails to the “Archive” folder of my Dovecot account.

The “--folderlast” option makes sure that the “All Mails” folder of Google will be synchronized at the end, after all other folders have been synchronized.

With the “--regextrans2” options you can specify which source folder name should be synchronized to which target folder name. You need to adapt that in order to match your environment!

This is a real sync, so you can already have mails in your target Dovecot account, and they will not be deleted. You can also run this command several times, and it will only synchronize the mails which have changed on the Google mail account in the meantime.

Dovecot: Rebuild full text index

For me to remember:

Re-index the fulltext index of a Dovecot user:

My Current Podcast Playlist

Since I have been asked a few times, today I am listing the podcasts I currently listen to regularly:

Security Now

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Der Finanzwesir rockt

Hello, we are Daniel, an ex-Berliner, and Albert, a Rhinelander who at least has a godmother in Berlin.
We have found that at least the first part of the capital's motto “Poor but sexy” has only limited charm for us.
That is why we decided to take care of our money ourselves. We fell flat on our faces more than once along the way, but by now we have our finances under fairly good control.
We talk about this journey in the podcast. What has proven itself, what has not. Which pitfalls need to be avoided.
Our promise: We chat pleasantly about the topic of finance. You will learn a lot, but it will also be fun.

Denkangebot Podcast

In this podcast Katharina Nocun (kattascha) gets to the bottom of current political debates. Together with experts she takes arguments and facts apart. This podcast is a “Denkangebot” (an offer to think) for everyone who likes to dig deeper into a topic.


The podcast on the security-policy situation in Germany, Europe and the world. | The world around Germany is in upheaval. The times when the Federal Republic could rely unreservedly on others in matters of security are over. Germany is being called upon in security and defence policy. Yet the German security-policy debate still leaves much to be desired. “Sicherheitshalber” provides a remedy. | Here Ulrike Franke (European Council on Foreign Relations), Carlo Masala (Universität der Bundeswehr München), Frank Sauer (Universität der Bundeswehr München) and Thomas Wiegold discuss current developments in German security and defence policy and the situation in Europe and the world.

Have fun!