Let's Encrypt is a quick & easy way to add SSL to your website.
You can also use Let's Encrypt certificates to help secure your Postfix mail server.
SSL SMTP allows mail clients & mail servers to send encrypted data.
Amazon Lightsail started offering a managed database service a few months ago.
I took a look at it … and tried it out … a while back and wasn’t really happy with it.
Although it had some nice features, I wasn’t given a ‘root’ (or super user) account and (as I sometimes do) was able to completely trash the instance within a few hours of creating it (I tried to manipulate the permissions on the master database user and ended up revoking all of them).
So I was considering creating my own database server using MySQL on a standalone Amazon Linux instance.
This would give me a standalone database with the flexibility to do anything I wanted.
My big concern was network security. I wanted to make sure that only my Lightsail instances would be able to communicate with the database server.
If you’re seeing a lot of messages about untrusted TLS connections in your mail log when running postfix like this…
Untrusted TLS connection established to ASPMX.L.GOOGLE.com[126.96.36.199]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
… there’s a pretty easy fix.
This post only covers the technical details of how to implement HTTP/2 on an Apache web server running in Amazon Linux on Lightsail. It does not go into the details of what HTTP/2 is or why you would use it. For that information, I suggest https://http2.github.io.
First you have to switch the Multi-Processing Module (MPM) from prefork (the default) to another one. I chose the event MPM for no particular reason.
To do this, edit /etc/httpd/conf.modules.d/00-mpm.conf and make the following changes …
We all agree that email is crucial to modern life.
But what email should you use?
Everyone gets email when they sign up for high speed internet service … the problem is that you’re tied to that internet service for that email address. If you switch service providers, you could lose the address. Even worse, if your provider goes out of business, you could lose access entirely. Sometimes the email provider charges a fee for better service and/or removing advertising.
Yes, you could use Gmail, Hotmail, Yahoo, or AOL, but you’re still tied to the provider. Plus, you don’t often get to choose the best address (firstname.lastname@example.org just isn’t that sexy).
Wouldn’t it be nice if you could get an email address that belongs to you forever?
This post is as much to help me remember as it is to help other people.
Below is a list (not comprehensive) of the postmaster resource pages for some of the major email providers.
| Provider | Postmaster page |
|---|---|
| Microsoft / Outlook | https://postmaster.outlook.com |
On these sites you can get information about how the provider handles spam, feedback loops, blacklists, whitelists, etc.
Very useful for those managing mailing list servers.
As part of my migration to the cloud, I terminated the Comcast Business internet service and switched to Xfinity internet.
When I initially signed up for the Xfinity service, I got their cable modem / router / wifi appliance. My plan was to get my own cable modem eventually because Xfinity charges $13 / month to lease the appliance.
I was at Best Buy and saw that cable modems weren’t expensive, so I decided to purchase a mid-level model (Netgear CM600) so I could save the lease fee. The CM600 would pay for itself in about 8 months.
It took a while to get set up … and there were a few false starts, but eventually I got it working connected directly to my MacBook.
I ran into a problem when I switched the CM600 over to my ASUS RT-5300 wifi router.
I kept getting the message “Your ISP’s DHCP does not function properly” on the ASUS network map page.
Here we have an example of a very lazy blog spammer.
At least put some effort into it … if you’re going to the effort of spamming blogs, at least fill in the substitution variables.
Spammers quite often ‘spoof’, or fake, the from address of an email.
As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.
Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.
If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what to do with emails that don’t align with the SPF and DKIM information.
SPF policies are DNS records that indicate what mail servers your mail is sent from.
DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.
Now what if you have a domain that you NEVER send email from?
Protecting those domains from being used in spam is even easier.