I am about to make changes to my mail servers. I am changing third-party providers. In anticipation of this change, I will drop the TTL on my DNS MX records. This should minimize the time it takes for this change to take effect. I say should because not all servers honor the specified TTL. I started with one of my lesser used domains, to make sure I had the nsupdate commands correct. Here […]
Adjusting the TTL on domain records Read More »
I have used Dovecot as my IMAP server since 2007. It has always been reliable and useful. Recently, I wanted to move my IMAP server to one host to another. I am the only user on this IMAP server. Wait, not I’m not, there are some test accounts on here, mostly used to verify that IMAP is running properly, but that’s no my point. The point is: we’re not moving thousands of accounts,
Setting up a new Dovecot server on FreeBSD with an OSX mail.app client Read More »
I have been using ezjail since at least 2008 (see earlier blog post). A few years ago, I started deploying iocage on new servers. About three months ago, I starting converting systems from ezjail to iocage. When I converted my first system, I found that the existing documentation for conversion was incomplete. Specifically, symlinks were a problem. I raised an issue and wrote a better script which I have since used on a
Converting thin jails to thick jails Read More »
We know the routine. You have a desktop, and a laptop, or perhaps two laptops. You want your files in both places. A shared, remotely mounted directory is not ideal. Instead, let’s have the systems synchronize themselves. That’s where syncthing comes in: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is
using syncthing between my OSX laptop and my FreeBSD server Read More »
I started playing with /usr/local/etc/periodic/security/405.pkg-base-audit as part of a monitoring system. It works fine from the command line, but when I use Nagios plugins, I am getting unexpected results. By unexpected, I mean messages about FreeBSD 10.2. The host in question runs FreeBSD 12.0. The problem cannot be reproduced on the host, only from the Nagios monitoring host. Oh wait, the Nagios monitoring host is a jail on the host in question. That
Getting ‘FreeBSD-10.2 is vulnerable’ messages on a 12.0 host Read More »
This covers the facts regarding the list of things to do on Server Build Saturday. The slocum – the new hardware changes occurred on 2 February 2019, with the help of a guy I’ve known since my early days in PA. jb33z did the heavy lifting, both of the chassis and of the HDD. He moved all the HDD from the old server to the new server. I did the SSDs, which were
slocum – the new : assembly details Read More »
This post has been replaced by a new one. For reference, the previous post on this server is still available. This server was upgraded on Feb 2 2019. Only the storage persisted. Everything else was upgraded. The hardware M/B – Supermicro X9DRE-TF+ RAM – 128GB composed of 8x 16GB DDR3 1600Mhz 21300 ECC/REG CPU – 2x E5-2620v2 – Intel Six Core 2.10Ghz Xeon 15MB cache 7.2 GT/s QPI (80W) chassis – SC846E16-R1200B SAS9300-8i
I recently became aware that ACME DNS validation can be accomplished via proxy. By proxy, I mean you can update the DNS records of another domain, not the domain for which the certificate is being issued. Why would you do this (as taken from acme.sh DNS Alias Mode): Your DNS provider does not provide API access; you can’t update the domain easily. You are concerned about the security implications. That is, a third-party
ACME domain alias mode Read More »
Tomorrow I’ll be doing some server and rack work. I’ll be moving one system into a new chassis, combining two desktops into the old chassis, and putting both chassis back into the rack. There are a bunch of steps here and I want to write them down so they all get done. These steps were completed last night: Remove tape01 and tape02 from the rack. Remove the shelf from the rack which held
Server build Saturday! Read More »
Back in late November (now 56 days ago), I started getting huge levels of very directed spam. When I tweeted about it, I was getting perhaps 100-250 a day. I thought it would soon stop and they would target someone else. They would get into my spam folder yes, but it still takes time to go through that folder. Eventually it did stop. For a few days, then it came back at about
Using Postfix to block mail based on From/sender and To/recipient Read More »