Proxmox Mail Gateway rejections from some domains but not others, aka “my last post is full of shit”, sort of.

computers, dovecot, email server, Linux, Postfix
It is really hard to test some of this stuff out.  In my last post I did certainly cover the effect but I thought I understood the cause as well.  That is not the case, so I was full of shit, so to speak, and sort of. The problem was, if my customer sent or forwarded from some domains both related to one company the emails were rejected.  A reject email was sent back to the originator of the email. I thought this had to do with configuration of the Proxmox Mail Gateway (PMG).  That was partially correct.  Those things I spoke about in my previous post were problems, and I did correct them, and that is a good thing.  There was more wrong.  I needed to resolve that as…

Proxmox mail gateway rejected some emails claiming SPF failure.

Uncategorized
The one thing about computing is that it is so literal.  I wish programmers would add some intelligence into their products, yet allow us to override it. In this case for a customer a user attempted to forward an email from her old email account to the one I set up on their very own email server.  It worked great, but I didn't have the Proxmox Mail Gateway put in place. When I set this up I immediately got a message from her telling me that the forwarded message didn't go through to the new server, that it had rejected it and sent her a reject message. She forwarded me the rejected email and I looked it over and found that it said SPF failure. I checked her registrar's DNS…

Roundcube Webmail Error 600 Service Unavailable when setting identities for things such as setting your signature.

Uncategorized
I just set up an email server for someone and after encouraging them to use it I decided to configure some of the features, one of which was the signature block.  I initially just wanted to ensure that the reply that I make to a user has the quoted text from the original email below where I type and to have my signature in the proper place just above the quoted text. I did some searching and found that you have to set this in identities under Roundcube's settings.  I chose to do this and received an error Service Unavailable Error 600.  That's the rough wording. After searching one person said that the issue could be a permissions issue in the plugins folder.  I checked and ensured that all the…

Proxmox Container Fails to Start on New Setup

Uncategorized
Proxmox is set up in an exceptional way, except one. That is obviousness for certain features.  It tries but fails.  Here's what I mean. When you set up Proxmox you tell it to create storages.  In my case I have the SSD that I installed Proxmox onto.  It sets up a small portion for the OS and the remainder is left to allow for you to use as you see fit.  In my case I always set up a second drive or array of drives.  This is where all my containers go and is typically much larger than the boot drive that Proxmox was installed on. Here's the issue that I dealt with yesterday and today.  I set up an email container based on Ubuntu 18.04 LTS.  In here I installed…

Server Maintenance and Upgrades.

computers, Linux
The file server has been running for years without issue.  It still is.  The other day I thought I’d do a disk test on the drives in the raid array. In order to have enough drives in the system I had to add a raid card.  These are the cards found in Dell servers that can be modified to turn on IT mode allowing SATA drives.  When you get them you modify the firmware in DOS of all things, but it is super simple.  And then you buy 1 or 2 cables with 4 SATA ends for the drives.  I say 1 or 2 because there are two ports on the card where you can plug in a 4 port SATA cable enabling 8 total.  With a 2nd card you…

Netgear R8000 VPN travails

Android, Linux, Netgear, Port Forwarding, ports, VLAN, VPN, Windows
Lots of problems using this router for VPN services.  They don't allow accounts and they all use the same cert.  If you have to withdraw a cert from someone you do it for everyone.  Not a good idea. Here's the issue.  VPN was turned on, and configured as default -- using default ports for both TCP and UDP.  Normally you'd use 1194 but this defaults that you use 12973 and 12974 respectively for protocols.  Not sure why.  Why would you need two ports for this when frankly openvpn uses UDP by default? Anyway, nothing we did would make this work.  Multiple checks against settings.  Testing from remote locations with multiple clients.  A sifting of the openvpn configuration files.  Ensuring certificates and keys were in place.  Nothing would work. I attempted…

Blocking Annoyance Sites Like Stretchoid

Uncategorized
These guys claim to be researchers.  They are researchers with over 24,000 IPv4 addresses?  Something's fishy here. On most systems you have a firewall.  You have a firewall at your router and you have a firewall at your workstation. In Linux you may use iptables and/or UFW.  The goal of these is to block IP addresses of users that you believe are nefarious or have no reasonable need to even be looking at your computer. For instance, someone sending you email is a reasonable use.  Someone visiting your website is reasonable use.  Someone testing the ports on your email or web server is not reasonable.  In the strictest word those should be banned at the very first attempt to scan or break in. In Linux you have UFW that can…

Apache Redirects

Uncategorized
You would not believe the clusterfuck this is.  Apache is so worried about backwards compatibility that just blowing away what others have done to jury rig their systems to make them work properly is thought of as something that would be a nightmare. Yes, a nightmare it would be, but at some point it has to be done.  The problem is that the context of the settings, directives, mods, proxy, etc are so ill documented and are so poorly implemented and there are so many know nothing Joe experts out there that getting a solid understanding of what is actually happening to make this all work just isn't possible.  Not for mortal man that is. Yeah, many will claim they aren't mere mortals (the supposed experts) and that you should go…

Rsyslog and fail2ban — reload fail2ban if you add new remote logging

Uncategorized
If the purpose of implementing rsyslog is to store logs that's good.  If you get all the logs in one place and you don't use those to implement security with fail2ban well we have to question your sanity.  Not really, but it would be a good idea to consider that.  This post is about one thing I noted when setting this up. I'd initially set up rsyslog on my containers and then thought about setting it up on all containers/computers that had exposed ports to the internet for any service.  That brought to mind my SSH jump server. My opinion of security is pretty strict.  If you try to get in and you aren't supposed to for any reason you are banned for life, period.  I won't debate it.  My…