Happy Chinese New Year! This is the Year of the Dog and we celebrated by visiting Lily’s family in Queens. The kids love abusing their cousins so it was all good.
In reality we just enjoyed the time off. This is the first time in a long time that Lily has really had a day off; this is a very busy time of year for her at work.
I think this coming week we may want to take the kids out to eat but today Flushing and Chinatown ought to be a mad house if you are driving and looking for a place to park. Weekends 11am – 2pm are normally just bad but today with everyone out and about it really would push me over the edge just looking for parking.
The operation was a success but the laptop died. Something in what I did made the NTFS partition an “unmountable_boot_volume” so I could run Ubuntu perfectly but could not get my Windows XP working.
. . .
Okay I re-installed everything from scratch. This time I added Google Pack. The appeal to me is that it has most of the software I want in one place. The installation was pretty smooth and I had planned to put all those programs on my laptop anyway.
The Norton 2005 A/V that came with it was odd. I had to run live update and reboot something like 5 times and kept running live update. It definitely has a recycled feel to it. In 6 months my subscription will be up, I’ll see what will be available after that.
The ability to host your own web server or e-mail server.
The last one grabbed me and you can un-block ports 25 and 80 (SMTP and HTTP). The rest is probably not bad; I just don’t really have much use for items 2 through 6 myself. If I were doing the home business thing that might work for me.
The speed is great but at some point we hit “ludicrous speed”. The servers I am downloading from aren’t that well connected so no “light speed is to slow” for me.
There is a catch: the IP address is dynamically assigned. Static IP addresses are not yet offered. For hosting a server this is not really a problem since they offer different dynamic DNS clients for Linux and for Windows.
For sending e-mail from your domain, this might be an issue. My current address is 18.104.22.168. If you check my address in Multi-RBL you can see that that IP address is on a ban list of both njabl.org and sorbs.net, so anyone I send mail to who subscribes will not accept mail from a server in my basement.
I used to use SORBS, now I use Spamhaus, they seem to have a more accurate hit rate for me. The dynamic address is not a show stopper since I use another server I maintain to deliver my e-mail.
Still having a static IP address would be more attractive. I have spoken with the tech support at Optimum Online about this, they don’t offer it but are contemplating doing so in the future.
My Internet gateway at home is a old Dell XPS 450. It’s a PII running at 450Mhz, has a 30GB IDE drive, and 256MB RAM. No cd-rom drive, I removed it when it broke a few years ago. When I need to install an operating system, I temporarily attach a DVD drive.
I was previously running Fedora Core 3 on it. Fedora is okay, but it is on an aggressive development schedule. For example Fedora Core 2 was released May 18, 2004, patches are currently supported by the Fedora Legacy Project. That’s how the model works, the main project works on releases and patches for a small amount of time. Then the Legacy project takes over the patches. It’s all well documented and explained.
My problem is the amount of time for main project support is too short. I don’t want to keep installing a new Linux distribution, but I do want timely patches. The legacy project is pretty good, but they definitely have resource issues. The current Fedora Core gets patched quickly as you expect. But in order to stay current you should have the latest release.
The SUSE ftp server has patches for the 9.0 release, which came out October 2003. That is the kind of support I am looking for. I downloaded the SUSE Linux OSS 10.0 CD images, ran a script to create a DVD image. I burnt the DVD, attached a drive to my old box and installed away.
Now that ports 25 and 80 are no longer blocked, I wanted to use the basement box as a backup mail server.
I want the server to
receive mail for dembowski.net and epyon-1.com
use TLS encryption if possible
check the sender’s IP address against Spamhaus
greylist the traffic
virus scan the mail
rate the content for spam
I installed the SUSE package for Postfix and configured it to only accept mail for my domains, open mail relays are BAD. I referred to The Book of Postfix for guidance; Postfix is now a breeze. The only thing I deviated from was to generate a self signed certificate as so
This created a self signed key and certificate with an expiration of 10 years. That is the pem file that I refer to in my postfix main.cf file.
Greylisting is the I have added to kill spam. It works like this: a mail server connects to my server and tries to deliver mail. The servers IP address, the sender’s e-mail address, and the recipient’s address goes into a database. Instead of accepting the mail, my server sends back a 450 code, which basically says “Not now I’m busy. Try back in 5 minutes”. A RFC compliant mail server will attempt to re-send later, and all further attempts (after 300 seconds) from the IP address, sender e-mail, recipient e-mail combination will be accepted.
Spammers typically do not try to re-send, and the sender’s e-mail is often random so they never get in at all. See http://isg.ee.ethz.ch/tools/postgrey/ for more info, this is a very effective means to control unwanted mail.
I added the SUSE packages for Spamassassin, ClamAV, and Amavisd-new for content filtering.
A few tests and all was done. I modified my MX records for my domains, and have been receiving mail on my new box. This server does not attempt to deilver e-mail except to the destination servers for my two domains.