Turns out the datacenter outage this week seriously damaged the host server that my VPS was runnning on. I've spent the better part of the waking hours since I got home last night rebuilding the email server portion.
I swear by Postfix, complimented by policyd-weight and postgrey. I have some tweaking to do to the policyd-weight settings and I need to install fail2ban for the spammers who continually hammer the server in spite of receiving a BuzzOffNotice. Amavis, ClamAV and SpamAssassin are fairly hands off. One site I was reading debated the need for ClamAV these days, saying that most of the virus payloads get stopped by the anti-spam measures. Interesting idea.
It's not lost on me that, yes, I should have had a backup of these files. It's not without irony that I deleted the files from the last server update just last week. I'll have to search the WayBackMachine for a few bits of website that I don't have backups of.
As for things residing in ~, I got sshfs working this afternoon and I'll be able to keep settings synced across different servers. Next step is to combine sshfs with autofs and have it mount the remote files as they are needed.
Links
Postfix setup:
http://rimuhosting.com/support/settingupemail.jsp?mta=postfix
http://colekcolek.com/2012/02/25/install-spamassasin-clamav-amavis-ubuntu-debian-squeeze/
http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/
http://www.unixwiz.net/techtips/postfix-HELO.html
fail2ban:
http://www.howtoforge.com/fail2ban_debian_etch
http://www.fail2ban.org/wiki/index.php/Main_Page
pflogsumm:
https://calomel.org/pflogsumm.html
postgrey logging:
http://www.debuntu.org/postfix-and-postgrey-a-proactive-approach-to-spam-filtering-page-2/
Thursday, February 07, 2013
Wednesday, February 06, 2013
Exhasperation
Currently debating my choice in VPS provider. Before November, I was a long standing user of TekTonik VPS service, but the price and limits on certain services had me go shopping for another service. The service I opted for was 1/3 the price and allowed me to run a Tor server.
Since switching over I have had a server issue due to high loads on their LA servers which the said was due to the high number of Pacific Rim users who VPN in to access U.S. content. After getting my server transferred to Chicago, there have been several datacenter outages and one service interruption/suspension due to someone using my Tor Exit relay for spamming.
I didn't have very many issues before the move. Now after the latest host crash I am debating the need to do a new round of shopping. I am not looking forward to having to transfer server setting over all over again. I wish I could run a virtual server on a virtual server and just copy the server from one install to the other.
Since switching over I have had a server issue due to high loads on their LA servers which the said was due to the high number of Pacific Rim users who VPN in to access U.S. content. After getting my server transferred to Chicago, there have been several datacenter outages and one service interruption/suspension due to someone using my Tor Exit relay for spamming.
I didn't have very many issues before the move. Now after the latest host crash I am debating the need to do a new round of shopping. I am not looking forward to having to transfer server setting over all over again. I wish I could run a virtual server on a virtual server and just copy the server from one install to the other.
Wednesday, January 30, 2013
Virtual Machines
Recently I had a 1 a.m. incident. You know that moment. It's 1 a.m. and your hard drive is making nasty noises and you are clear that you are in no state of mind to begin fixing the problem. I use CrashPlan, so I have regular backups of my data, but I've never found a good way of quickly restoring the OS after one of these episodes. I resolved to make a secondary data backup to an external hard drive and go to bed. The nasty sounding hard drive itself will have to wait.
I have know about Virtual Machines, but had never really dealt with them before. I started looking into them and decided the one that sounded the best was VirtualBox. I have tried a few OS images, running into quirks here and there.
I currently have working images of Debian Linux and Windows Vista Home Basic running under Windows Vista 64bit Home Premium. One I am happy with the performance and my skills in using VirtualBox, I'll replace the hard drive (which hasn't made the a fore mentioned nasty noises since that night) and load a Linux OS as the Host OS.
Downloads – Oracle VM VirtualBox
debian sshfs automount fstab - Google Search
Mounting Remote Directories With SSHFS On Debian Squeeze - Page 2 | HowtoForge - Linux Howtos and Tutorials
How to: Mount Remote Directories using sshfs | Linuxers
SSHFS: Super Easy File Access over SSH | Linux Journal
SSHFS: Super Easy File Access over SSH | Linux Journal
SSHFS: Super Easy File Access over SSH | Linux Journal
I have know about Virtual Machines, but had never really dealt with them before. I started looking into them and decided the one that sounded the best was VirtualBox. I have tried a few OS images, running into quirks here and there.
I currently have working images of Debian Linux and Windows Vista Home Basic running under Windows Vista 64bit Home Premium. One I am happy with the performance and my skills in using VirtualBox, I'll replace the hard drive (which hasn't made the a fore mentioned nasty noises since that night) and load a Linux OS as the Host OS.
Downloads – Oracle VM VirtualBox
SSHFS:
debian sshfs automount fstab - Google Search
Mounting Remote Directories With SSHFS On Debian Squeeze - Page 2 | HowtoForge - Linux Howtos and Tutorials
How to: Mount Remote Directories using sshfs | Linuxers
SSHFS: Super Easy File Access over SSH | Linux Journal
SSHFS: Super Easy File Access over SSH | Linux Journal
SSHFS: Super Easy File Access over SSH | Linux Journal
Tuesday, January 22, 2013
Resources for batmand
Amazon.com: Monoprice Micro USB Backup Battery Pack for Smartphones, Cellphones, and Cameras (1900mAh): Cell Phones & Accessories
USB Storage - OpenWrt Wiki
WR703N | modlog.net
Build One
Open Garden Lets You Crowdsource Your Mobile Connectivity | TechCrunch
Quick-start-guide - batman-adv - Open Mesh
Batman-adv-openwrt-config - batman-adv - Open Mesh
[B.A.T.M.A.N.] The great #batdroid hackathon of July 2010
/ - android-batdroid - B.A.T.D.R.O.I.D. connects your rooted Android handset to B.A.T.M.A.N. mesh networks. - Google Project Hosting
WiFi Tether for Root Users - Android Apps on Google Play
WiFi Tethering - Android Apps on Google Play
Setting up a BATDROID/MP network - Google Groups
https://blog.itu.dk/SPVC-E2010/files/2011/08/13adhocandroid.pdf
Emergent Network Field Day - Makers Local 256
Projects - Commotion Wireless Project
Background and philosophy - Commotion Wireless - Commotion Wireless Project
USB Storage - OpenWrt Wiki
WR703N | modlog.net
Build One
Open Garden Lets You Crowdsource Your Mobile Connectivity | TechCrunch
Quick-start-guide - batman-adv - Open Mesh
Batman-adv-openwrt-config - batman-adv - Open Mesh
[B.A.T.M.A.N.] The great #batdroid hackathon of July 2010
/ - android-batdroid - B.A.T.D.R.O.I.D. connects your rooted Android handset to B.A.T.M.A.N. mesh networks. - Google Project Hosting
WiFi Tether for Root Users - Android Apps on Google Play
WiFi Tethering - Android Apps on Google Play
Setting up a BATDROID/MP network - Google Groups
https://blog.itu.dk/SPVC-E2010/files/2011/08/13adhocandroid.pdf
Emergent Network Field Day - Makers Local 256
Projects - Commotion Wireless Project
Background and philosophy - Commotion Wireless - Commotion Wireless Project
Life and Death Planning
Some links I am perusing to that got my attention.
- Get Your Sh*t Together Helps You Gather the Most Important Documents You Need Before You Die
- Blog | Get Your Shit Together | Life and Death Planning: Low effort, high reward.
- How to Create an In-Case-of-Emergency Everything Document to Keep Your Loved Ones Informed if Worst Comes to Worst
- Gather These Twenty-Five Documents You Need Before You Die
- The Complete Guide to What To Do Before, During, and After a Disaste
Sunday, January 20, 2013
Mobile devices, VPS, and OpenVPN
I am debating tackling OpenVPN. Or taking a nap first. I may regret trying to tackle this without having a clear head.
One of my project ideas is to route all the house mobile devices though the VPS that runs our email and web services. The idea being that when a user has the laptop for example at a Starbucks and is using the open wifi connection, all data is encrypted and can't be compromised.
The idea is that the VPN should be unintrusive to the user. Set it and forget it. This means in some cases where it is a hardware to hardware tunnel that there is no prompt for username and password.
I am trying to find the proper OpenVPN settings for this and it is a challenge.
OpenVPN HowTo goes into much detail about OpenVPN , but outside of the static key bit lacks any concise discussion about the server modes.
OpenVPN without username/password is specific to pfSense. I am trying to find more details related to changing the server mode.
OpenVPN 2.0.x, example 3 is the first one I'll be trying, if I can convert it from CLI notation to a server.conf file.
That's where I'll stop for now.
One of my project ideas is to route all the house mobile devices though the VPS that runs our email and web services. The idea being that when a user has the laptop for example at a Starbucks and is using the open wifi connection, all data is encrypted and can't be compromised.
The idea is that the VPN should be unintrusive to the user. Set it and forget it. This means in some cases where it is a hardware to hardware tunnel that there is no prompt for username and password.
I am trying to find the proper OpenVPN settings for this and it is a challenge.
OpenVPN HowTo goes into much detail about OpenVPN , but outside of the static key bit lacks any concise discussion about the server modes.
OpenVPN without username/password is specific to pfSense. I am trying to find more details related to changing the server mode.
OpenVPN 2.0.x, example 3 is the first one I'll be trying, if I can convert it from CLI notation to a server.conf file.
That's where I'll stop for now.
Thursday, January 17, 2013
Internet In the News
In the news today are several Internet related articles. The first is a cool software service called Connectify. This is what they have to say:
"Connect to multiple Internet connections for their combined speed and reliability. With just a couple clicks, you’ll be cruising the web at warp speed. The more Internet connections you have, the faster you’ll go!"Currently only for Windows PCs, they are developing a Mac client as well. I read about them back when they were a Kickstarter campaign. It's a great idea if you live in an area with multiple wifi hotspots available.
VPNs
PC Magazine has a piece on the Google plan to offer a Wifi network in Lower Manhattan. The title does a great disservice to the discussion, Why You Shouldn't Trust Google's Free WiFi Network. This sensationalist title should be action oriented, Google's Free WiFi Network, How to Protect Your Privacy. Don't scare people away from the network. Tell people how they can protect themselves. The article does discuss a few options users can take, and these are steps that EVERYONE should take regardless of the Open network one chooses to use.
I would even go so far as to say that user need to start using VPNs on their home internet connections due to the number of reports of digital snooping by ISPs. While not Identity Theft related, ISPs are looking at destinations and protocols used and throttling service based on this. Not exactly the Open Internet I want to have around, personally.
I have done a little bit of research on commercial VPN services. You can check it out here.
Wednesday, January 16, 2013
Putting words on "paper"
Brain Freeze
I have many technical ideas floating around in my head. I bounce around from one to another to another with little getting accomplished. Here is where I begin to change that.Current project ideas:
Hacking the WR703N travel router
Making use of the Ubiquity NanoStation Loco M2
Repurposing the OpenMesh 1P
Using batman-adv
Compiling a sysupgrade firmware image for the WRT54G to run batmand
WR703N Ideas
Car Radio - USB Hub, GPS, Wifi, Flashdrive, Soundcard - Download via wifi the recently played songs from local radio to play without ads.
BoomBox - Wifi, Flashdrive, Soundcard - Download specific songs to play on the boombox.
NAS - USB Hub, HD cables. Create a NAS from the many extra HDs collecting dust.
Mobile VPN/Tor Gateway - Single box for forwarding traffic to the Tor Network and/or a VPN.
Asterisk - PBX in a box for Google Voice, etc.
Asterisk - PBX in a box for Google Voice, etc.
Suspended VPS
This week I had my Tor node server suspended due to someone sending spam through the node. Rude awakening there. After promising my VPS host that I would turn off the exit and only run a relay node, they turned it back on. Important since that server is also home to our email and web hosting. More work to be done on this front.Recharge
I need to spend some time recharging. I am looking into creative groups. One group I am looking into is tln MakerSpace which is currently looking for a new hack project. Another that I have been trying to participate with more is FLUX,
Florida Linux User Xchange.
Finally, I am a proponent for the Open Wireless Movement. Imagine being able to open your phone or laptop and just jump on the internet without any barriers to entry. This is what OpenWireless is about.
Finally, I am a proponent for the Open Wireless Movement. Imagine being able to open your phone or laptop and just jump on the internet without any barriers to entry. This is what OpenWireless is about.
Memorium
Subscribe to:
Posts (Atom)