Category Archives: Technology

Let's Encrypt and Postfix

Let's Encrypt is a quick & easy way to add SSL to your website.

You can also use Let's Encrypt certificates to help secure your Postfix mail server.

SSL SMTP allows mail clients & mail servers to send encrypted data.


Lightsail Network Isolation

Amazon Lightsail started offering a managed database service a few months ago.

I took a look at it … and tried it out … a while back and wasn’t really happy with it.

Although it had some nice features, I wasn’t given a ‘root’ (or super user) account and (as I sometimes do) was able to completely trash the instance within a few hours of creating it (I tried to manipulate the permissions on the master database user and ended up revoking all of them).

So I was considering creating my own database server using MySQL on a standalone Amazon Linux instance.

This would give me a standalone database with the flexibility to do anything I wanted.

My big concern was network security. I wanted to make sure that only my Lightsail instances would be able to communicate with the database server.


Trusted TLS with Postfix

If you’re seeing a lot of messages about untrusted TLS connections in your mail log when running Postfix, like this…

Untrusted TLS connection established to ASPMX.L.GOOGLE.com[172.217.197.27]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

… there’s a pretty easy fix.


Http/2, Apache, & Lightsail

This post only covers the technical details of how to implement http/2 on an Apache web server running in Amazon Linux on Lightsail. It does not go into the details of what http/2 is or why you would use it. For that information, I suggest https://http2.github.io.

First you have to switch the Multi-Processing Module (MPM) from prefork (the default) to another one. I chose the event MPM for no particular reason.

To do this, edit /etc/httpd/conf.modules.d/00-mpm.conf and make the following changes …


Your Email Address

We all agree that email is crucial to modern life.

But what email should you use?

Everyone gets email when they sign up for high speed internet service … the problem is that you’re tied to that internet service for that email address. If you switch service providers, you could lose the address. Even worse, if your provider goes out of business, you could lose access entirely. Sometimes the email provider charges a fee for better service and/or removing advertising.

Yes, you could use Gmail, Hotmail, Yahoo, or AOL, but you’re still tied to the provider. Plus, you don’t often get to choose the best address (johnsmith5734563@xyz.com just isn’t that sexy).

Wouldn’t it be nice if you could get an email address that belongs to you forever?


Postmaster Resources

This post is as much to help me remember as it is to help other people.

Below is a list (not comprehensive) of the postmaster resource pages for some of the major email providers.

Microsoft / Outlook https://postmaster.outlook.com
Google https://postmaster.google.com/
Yahoo https://help.yahoo.com/kb/postmaster
Comcast https://postmaster.comcast.net/
AOL https://postmaster.aol.com/

On these sites you can get information about how the provider handles spam, feedback loops, blacklists, whitelists, etc.

Very useful for those managing mailing list servers.





Your ISP’s DHCP does not function properly

As part of my migration to the cloud, I terminated the Comcast Business internet service and switched to Xfinity internet.

When I initially signed up for the Xfinity service, I got their cable modem / router / wifi appliance. My plan was to get my own cable modem eventually because Xfinity charges $13 / month to lease the appliance.

I was at Best Buy and saw that cable modems weren’t expensive, so I decided to purchase a mid-level model (Netgear CM600) so I could save the lease fee. The CM600 would pay for itself in about 8 months.

It took a while to get set up … and there were a few false starts, but eventually I got it working connected directly to my MacBook.

I ran into a problem when I switched the CM600 over to my ASUS RT-5300 wifi router.

I kept getting the message “Your ISP’s DHCP does not function properly” on the ASUS network map page.


Lazy Blog Spammer

Here we have an example of a very lazy blog spammer.

At least put some effort into it … if you’re going to the effort of spamming blogs, at least fill in the substitution variables.

Sheesh


Protecting domains from spammers

Spammers quite often ‘spoof’, or fake, the from address of an email.

As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.

Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.

If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what to do with emails that don’t align with the SPF and DKIM information.

SPF policies are DNS records that indicate what mail servers your mail is sent from.

DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.

Now what if you have a domain that you NEVER send email from?

Protecting those domains from being used in spam is even easier.
