‘Site Workings’ Category

  1. Email Server

    August 21, 2013 by Daniel

    People who read this may or may not know that my job is an Email Sysadmin. I’ve had my personal Email on GMail since they introduced it and I always thought it was pretty neat. It worked great, pretty much always up and had all the cool features as well as being fast. And hey, it was Google, you could trust them – after all their motto was “Don’t Be Evil”.

    And then the Snowden/Prism stuff happened.

    It got me thinking, hey this is my job and my personal stuff. This is something I care about and I’m trusting it to people I don’t know. It’s not like I’m even paying them to do it, why would they have my interests at heart? In fact the only way they can afford to run the service for me is by making it easier to target ads at me and how do you think they do that?

    So the only answer for me was to go back to how Email was originally intended to work. To run it for yourself, to check things yourself. Not part of some massive anonymous cloud system that exists across borders. – I fully understand why people don’t do these things for themselves, they are relatively fiddly and Gmail is **free!**

    But it’s about principle.
    So I went about trying to find a good place for my server to be. As I mentioned earlier, this is my job but I think it’s not a great idea to mix business with pleasure. Yes I could simply route my own mail to my Work mailbox. Job done. But if I ever left or it was frowned upon it would make things trickier, so I divested myself from it. So I thought about the people in the small part of the Internet that I know about. I used to work in one of Manchester’s largest Datacentres so I thought about those days and who I used to get on well with. Bytemark stood out. I always got on well with them, they always looked like they knew exactly what they were talking about and I thought, yeah I trust them. They have a great standing in the community and I know that if I wanted, I could go and touch the machine that my VPS was hosted on (* not actually sure if this is true but I reckon I’ve a good chance).

    So onto the build of the mail server.

    Symbiosis
    Bytemark’s VPSs offer a distro they’ve knocked up called Symbiosis. In the reading of the manual for this I thought hey that seems really simple. It works great ‘out of the box’, but I can still get to the bits I want to fiddle with, beats using a CPanel for ultra configurability.
    Things can be as simple as firing up an SCP client, logging in and creating files to get mailboxes set up and configured. You can switch on spamscoring and virus checking just by creating the relevant config files (yes, just files, it’s already set up, just watching out for relevant files to enable it or not).
    MySQL, Apache, Exim, Dovecot and the rest of your favourites are all already there waiting for you. So you can get going with it really quickly. It’s all preconfigured to do backups and updates. It’s really not much work, which is good for a server you just want to leave going really.

    MX Records
    Let’s think through the DNS for a bit. It’s a good idea to have redundancy on this, so if you can, basically just duplicate what you’ve done with one mailserver on the other. I haven’t, because I’m cheap. But what you could do is team up with a friend you trust who wants to do it as well and just relay mail for each other. It should happen often if you set one with a higher priority MX. I’ve not actually done this myself (a- hadn’t thought of it til now b- not enough friends). What I’ve actually got at the moment is a fallback lower priority MX record of Google. Yeah, I know – what a hypocrite! But it’s probably temporary until I can make some friends plus it was already set up to work on my domain.

    Weaning off the Big G
    It was always going to be a little tricky to wean all the way off the big G because I had several mailboxes on my domain over at Google Apps that I wanted to leave there and still have mail delivered onto Gmail. All this principle and privacy is fine for me to worry about, but I’m not so sure if my wife feels the same way when it comes to putting up with SquirrelMail for a webmail interface (I’m pretty much IMAP only so I don’t care).
    So what I did was set up a forwarding rule on my VPS for those mailboxes and they get sent on to a subdomain of mine that I set up in my Google Apps account as a domain alias. It’s all completely transparent to the user (no complaints yet anyway), they get another layer of spam filtering and I get lovely log files I can trawl through if needs be (don’t get those hosted at Google!).

    Encryption
    Here’s a big conundrum. The now infamous ‘NSA Proof your email in 2 hours‘ blog post is mostly about making sure the filestore is encrypted. Symbiosis does a great job of doing all the secure TLS transmission of mail, a self signed X509 cert is there for you already (feel free to add your own if you like, I’ve not bothered for £££ reasons). So things in the interwebtubes are more often than not all nicely encrypted already so you don’t have to worry too much about the NSA tapping the wires. At the moment I figure, they’ve got to get to the physical box to read my filestore. I’m the only one with root access (not even Bytemark), so they’d need to bruteforce that to get in without my knowing.
    So it’s probably something I might look at again in future because I am super paranoid (**it’s not that I have something to hide, it’s that they could look without asking me). His instructions are all for postfix anyways and I like exim.
    For TLS encryption testing you can verify it with this tool.

    IPv6
    Another of my personal internet crusades is the take up of IPv6. It’s a chicken and egg problem and I really like that Bytemark are out in front on it. Your VPS comes with both 4 & 6 addresses, no extra work needed. You just make sure you add an AAAA record for your MX to point at (Along with an ‘A’ record dur, we’re not quite ready for 6 only yet!). You can use Freenet6 to test your set up.
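
A check for the MX and IPv6 points above, as an added example that is not part of the original post: it parses a constructed zone snippet, orders the MX hosts by preference, reports whether each in-zone mail host has both A and AAAA records, and marks fallback relays that sit outside the domain. The names (`example.org`, `backup-mx.example.net`), the addresses and the simplified `owner IN TYPE rdata` line format are assumptions.

```python
import ipaddress

# Constructed zone data: placeholder names, documentation address ranges.
ZONE = """\
example.org.       IN MX   10 mail.example.org.
example.org.       IN MX   20 backup-mx.example.net.  ; third-party fallback
mail.example.org.  IN A    192.0.2.25
mail.example.org.  IN AAAA 2001:db8::25
"""

def parse_zone(text):
    """Parse 'owner IN TYPE rdata' lines into MX tuples and address sets."""
    mx, addrs = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((owner, int(rdata[0]), rdata[1].lower()))
        elif rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rdata[0])     # raises on a malformed address
            if ip.version != (4 if rtype == "A" else 6):
                raise ValueError(f"{rtype} record holds wrong address family: {raw}")
            addrs.setdefault(owner, set()).add(rtype)
    return mx, addrs

def audit_mx(text, domain):
    """Return one dict per MX of `domain`, most preferred (lowest number) first."""
    domain = domain.lower().rstrip(".") + "."
    mx, addrs = parse_zone(text)
    report = []
    for _, pref, host in sorted((m for m in mx if m[0] == domain), key=lambda m: m[1]):
        in_zone = host == domain or host.endswith("." + domain)
        have = addrs.get(host, set())
        report.append({
            "pref": pref,
            "host": host,
            "in_zone": in_zone,  # False: relay run by someone else
            # Addresses of out-of-zone hosts live in another zone: unknown here.
            "has_a": "A" in have if in_zone else None,
            "has_aaaa": "AAAA" in have if in_zone else None,
        })
    return report

if __name__ == "__main__":
    for row in audit_mx(ZONE, "example.org"):
        print(row)
```

An entry with `in_zone` set to `False` is a relay that receives and stores your mail whenever the primary is unreachable, so it belongs in the same trust decision as the primary host.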


  2. Yet Another Move

    May 20, 2009 by Daniel

    I’ve yet again moved blogging applications. This time it’s back onto WordPress which these days has a rather spiffing admin interface and some nice new templates. Why why why? I hear you ask. Well before I was using Blogger because I was being too lazy to do anything else and I’ve come across a backup of older WordPress posts that I wanted to import. However Blogger being what it is I was unable and so instead have taken advantage of Blogger’s ease of use and am now on that instead. So update your feeds and fire up your browsers, content galore!

    There’s still some years missing I know, 2006-2008 mostly, I think they are on a long archived hard drive somewhere or other but who knows when I’ll dig that up! 🙁


  3. New WordPress Installation!

    December 14, 2005 by Daniel

    Finally then, I installed wordpress. It`s running on my laptop at the moment but hopefully soon i`ll get it set up on my main site hosting.

    It’s doing something funny with apostrophe’s too.


  4. RapidWeaver Update

    December 3, 2005 by Daniel

    So I updated RapidWeaver, the program I use to edit the site, but it didn’t have the theme I was using anymore so, obviously, I’ve changed it.
    I’m not 100% happy with it. But for now it’ll have to do.


  5. Some more widgets

    November 15, 2005 by Daniel

    So I’ve been messing around and I’ve put my last couple of songs played in the side bar along with my latest del.icio.us links (all neatly parsed from RSS) along with a couple of blog banner type things.
    I’ll probably tire of it all soon, but hey it filled a quiet lonely evening waiting for Kate to get back from New York!


  6. Hosting

    November 15, 2005 by Daniel

    OK now I’ve got my password for my hosting I can see about getting this site to work now…


  7. new page

    November 11, 2005 by Daniel

    Put some pictures up


  8. Hello Word

    November 11, 2005 by Daniel

    Hello world!