Update, December 2019: installing third-party scripts or package managers which run on boot may overwrite the file /etc/rc.local which I initially recommended using. I've revised this article to recommend a better autostart script directory; feel free to borrow the simple start/stop script I included at the end of this post. I recently purchased a Synology NAS running DSM 6, and sharing […]
Miscellaneous Whatnots
Dear mailserver operators: PLEASE stop using SSLv3!
I look after a few email servers and after implementing much stricter encryption settings at the start of the year, I noticed some emails were never making it to accounts - being rejected at the negotiation stage (where the remote server sending the email agrees an encryption protocol and cipher with the local server). I was puzzled by this. TLS […]
Fail2ban 0.10 on CentOS6 - yes we can! And my notes on successful manual upgrades
Fail2ban's official compile for CentOS6 has never advanced beyond 0.9.6-1.el6.1. While 0.9.6 works, it's old and has a few major inconveniences: No IPv6 support 🙁 A tendency for the daemon to die when parsing many logs or a high volume of activity Quite slow to parse logs when restarting after a config change So, what can we do? Well, compile from […]
Setting up a secure Postfix server in 2019 - what to consider?
Postfix is great, and widely used, but freshly installed it's like a newborn child. Nowadays there's a lot of work required to get it to an acceptable level to face the wild west of the Internet. NB: This is a living document and will probably change over time as I revise my own methods for managing my servers. Running an […]
