Postfix "unavailable. unsupported dictionary type 1111" on restart? Check your brackets!

I was recently modifying a Postfix config to do some debug logging of transactions for a specific IP addresses. To do this, I modified the smtp and smtps services in master.cf to get the most verbose logging possible. 

However, I'd failed to remember to encapsulate the IPv6 address with brackets. And so, I got this in the log after restarting Postfix:

Feb  5 18:28:29 l03 postfix/smtpd[21037]: warning: 1111:2222::7777:8888 is unavailable. unsupported dictionary type: 2a04
Feb  5 18:28:29 l03 postfix/smtpd[21037]: warning: 1111:2222::7777:8888: table lookup problem

(To confuse me, that address was also the one listed in a client_checks.cidr file I'd put together which was also part of my investigation).

And when that client was attempting to connect to send an email, I was seeing this:

Continue reading "Postfix "unavailable. unsupported dictionary type 1111" on restart? Check your brackets!"

Canon Pixma owners: this simple trick can make your printer's feed rollers grab paper again!

(Grab an old sponge - yes, seriously)

I have a Canon Pixma MG5750, a Currys PC World purchase when I needed a cheap multifunction printer fast. Handy at £45 (another set of genuine ink for it costs the same, go figure). I never expected it to be perfect, I assumed it would at least be able to reliably accomplish basic things like print text onto paper.

Unfortunately, one of the fundamental printer requirements - loading its own paper during print jobs - was a little lacking with this unit. Research indicates it's sadly a common issue with this range of Canon printers.

Soon after buying mine, the paper feed (take-up of paper from the tray into the transport mechanism) started to behave irregularly. Soon after that, I ended up having to nudge each sheet of paper in to the printer, it was unable to take in paper itself. Not convenient.

I put up with this for a while but an attempt to print some documents evening pushed me into investigating. The fix, as it turns out, is really simple!

Click to read more and see photos of the paper feed roller fix

Quickly install DiG on Windows without a full BIND9 install

Today I needed to use - and install - DiG (Domain Information Groper!) on a Windows 10 box. Of course, Windows is useless when it comes to CLI tools - nslookup is past its prime and not even Windows 10 includes much by way of useful tools for DNS queries. It's shipped as part of the BIND9 DNS software from ISC.

So, let's see about DiG... Good news, everyone! - BIND9 is available for Windows, but I don't want to install the whole thing, ain't nobody got time for that. So, let's see about excerpting just the DiG executable and getting it so you can use it without specifying its full path every time, which will require setting its location in the PATH variable.

There's quite a few guides and tutorials to installing DiG on Windows. The simplest one I found was from Websistent, who recommended downloading their own zip of DiG and its necessary DLL dependencies, dropping those into windows\system32 (urk?) and using as normal.

We can do better than that:

Click to see how simple it is!

Setting up a secure Postfix server in 2019 - what to consider?

Postfix is great, and widely used, but freshly installed it's like a newborn child. Nowadays there's a lot of work required to get it to an acceptable level to face the wild west of the Internet.

NB: This is a living document and will probably change over time as I revise my own methods for managing my servers.

Running an MTA to an 'acceptable' standard now requires lots of additional config and tuning, but it's satisfying once done. Be prepared to learn lots about DNS, TLS, certificate structure, mail filtering (miltering), regular expression and monitoring - crucial once your system is operational.

Once you've had your fill of the RFCs (https://www.fastmail.com/help/technical/standards.html), there's plenty other stuff to learn. http://www.emailarchivestaskforce.org/documents/guide-to-email-standards/ is worth a read, and are you sure you know how to validate an email address? https://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx/

For newcomers, important areas to cover are:

  • understanding quirks of different email clients, some of the odd scenarios with specific email services
  • familiarising oneself with the certificate process
  • how TLS is employed with email
  • Hands-on experience is crucial!
  • Doing dry runs with a dev system is invaluable - you must be able to make and break things without taking down customers' email 🙂

I administer shared Postfix servers for numerous clients. Some are newest releases of Postfix, and some, due to legacy requirements, are older. Nothing necessarily wrong with that, but some configuration options aren't always available.

If I was setting up a new Postfix server today, I'd go through these steps:

Continue reading "Setting up a secure Postfix server in 2019 - what to consider?"
I