Happy Chinese New Year!

Happy Chinese New Year! This is the Year of the Dog and we celebrated by visiting Lily’s family in Queens. The kids love abusing their cousins so it was all good.

In reality we just enjoyed the time off. This is the first time in a long time that Lily has really had a day off; this is a very busy time of year for her at work.

I think this coming week we may want to take the kids out to eat but today Flushing and Chinatown ought to be a mad house if you are driving and looking for a place to park. Weekends 11am – 2pm are normally just bad but today with everyone out and about it really would push me over the edge just looking for parking.

A Not by Kurt Vonnegut speech

Anyone remember the Kurt Vonnegut Commencement speech that never happened?  Wear sunscreen?  The text was great, and sounded very cool.  It’s just Kurt Vonnegut did not pen it nor deliver it.

I was browsing some blogs, and found a reference to this.  Guy Kawasaki wrote a speech and apparently gave it a few times.  It is a fun read.

Google Pack

Friday I installed Ubuntu on my laptop.

The operation was a success but the laptop died. Something in what I did made the NTFS partition an “unmountable_boot_volume” so I could run Ubuntu perfectly but could not get my Windows XP working.

. . .

Okay I re-installed everything from scratch. This time I added Google Pack. The appeal to me is that it has most of the software I want in one place. The installation was pretty smooth and I had planned to put all those programs on my laptop anyway.

The Norton 2005 A/V that came with it was odd. I had to run live update and reboot something like 5 times and kept running live update. It definitely has a recycled feel to it. In 6 months my subscription will be up, I’ll see what will be available after that.

Optimum Online Boost

I have had Optimum Online Boost for a few days. It’s not bad and here is what they offer (from the website):

  1. Faster speed, up to 30 Mbps down and up to Mbps up.
  2. Total of 15 e-mail addresses, 1GB each.
  3. Different setups for creating web sites.
  4. Domain registration.
  5. Web hosting.
  6. 15 custom e-mail addresses (some.joe@yourdomain.com).
  7. The ability to host your own web server or e-mail server.

The last one grabbed me and you can un-block ports 25 and 80 (SMTP and HTTP). The rest is probably not bad; I just don’t really have much use for items 2 through 6 myself. If I were doing the home business thing that might work for me.

The speed is great but at some point we hit “ludicrous speed”. The servers I am downloading from aren’t that well connected so no “light speed is too slow” for me.

There is a catch: the IP address is dynamically assigned. Static IP addresses are not yet offered. For hosting a server this is not really a problem since they offer different dynamic DNS clients for Linux and for Windows.

For sending e-mail from your domain, this might be an issue. My current address is 24.46.186.255. If you check my address in Multi-RBL you can see that that IP address is on a ban list of both njabl.org and sorbs.net, so anyone I send mail to who subscribes will not accept mail from a server in my basement.

I used to use SORBS; now I use Spamhaus, which seems to have a more accurate hit rate for me. The dynamic address is not a show stopper since I use another server I maintain to deliver my e-mail.

Still, having a static IP address would be more attractive. I have spoken with the tech support at Optimum Online about this; they don’t offer it but are contemplating doing so in the future.

Basement server installed

SUSE not Fedora

My Internet gateway at home is an old Dell XPS 450. It’s a PII running at 450 MHz, has a 30GB IDE drive, and 256MB RAM. No CD-ROM drive; I removed it when it broke a few years ago. When I need to install an operating system, I temporarily attach a DVD drive.

I was previously running Fedora Core 3 on it. Fedora is okay, but it is on an aggressive development schedule. For example, Fedora Core 2 was released May 18, 2004; patches are currently supported by the Fedora Legacy Project. That’s how the model works: the main project works on releases and patches for a small amount of time, then the Legacy project takes over the patches. It’s all well documented and explained.

My problem is the amount of time for main project support is too short. I don’t want to keep installing a new Linux distribution, but I do want timely patches. The legacy project is pretty good, but they definitely have resource issues. The current Fedora Core gets patched quickly as you expect. But in order to stay current you should have the latest release.

The SUSE ftp server has patches for the 9.0 release, which came out October 2003. That is the kind of support I am looking for. I downloaded the SUSE Linux OSS 10.0 CD images, ran a script to create a DVD image. I burnt the DVD, attached a drive to my old box and installed away.

Postfix, Spamassassin, anti-virus, Oh My

Now that ports 25 and 80 are no longer blocked, I wanted to use the basement box as a backup mail server.

I want the server to

  • receive mail for dembowski.net and epyon-1.com
  • use TLS encryption if possible
  • check the sender’s IP address against Spamhaus
  • greylist the traffic
  • virus scan the mail
  • rate the content for spam

I installed the SUSE package for Postfix and configured it to only accept mail for my domains; open mail relays are BAD. I referred to The Book of Postfix for guidance; Postfix is now a breeze. The only thing I deviated from was to generate a self-signed certificate like so:

openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout dixie.dembowski.net.pem -out dixie.dembowski.net.pem

This created a self signed key and certificate with an expiration of 10 years. That is the pem file that I refer to in my postfix main.cf file.

Greylisting is the number one most effective thing I have added to kill spam. It works like this: a mail server connects to my server and tries to deliver mail. The server’s IP address, the sender’s e-mail address, and the recipient’s address go into a database. Instead of accepting the mail, my server sends back a 450 code, which basically says “Not now I’m busy. Try back in 5 minutes”. An RFC-compliant mail server will attempt to re-send later, and all further attempts (after 300 seconds) from the IP address, sender e-mail, recipient e-mail combination will be accepted.

Spammers typically do not try to re-send, and the sender’s e-mail is often random so they never get in at all. See http://isg.ee.ethz.ch/tools/postgrey/ for more info; this is a very effective means to control unwanted mail.
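The greylisting decision described above, as an added example (not from the original post and not postgrey's own code): a minimal in-memory model that reads a request in the name=value form of Postfix's policy delegation protocol and answers with an action line. The Greylist class, the simulate() scenario and all addresses are constructed for illustration.

```python
import time

DELAY = 300  # seconds a new triplet must wait, as described in the post


def parse_policy_request(text):
    """Parse a Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    """Tracks the first time each (client IP, sender, recipient) was seen."""

    def __init__(self, delay=DELAY, clock=time.time):
        self.delay, self.clock = delay, clock
        self.first_seen = {}  # triplet -> timestamp of first attempt

    def decide(self, attrs):
        triplet = (attrs["client_address"], attrs["sender"], attrs["recipient"])
        now = self.clock()
        waited = now - self.first_seen.setdefault(triplet, now)
        if waited < self.delay:
            # Postfix turns DEFER_IF_PERMIT into a temporary 4xx reply.
            left = self.delay - waited
            return "action=DEFER_IF_PERMIT Greylisted, retry in %d seconds" % left
        return "action=DUNNO"  # no objection; later restrictions decide


def simulate():
    """Constructed scenario: one sender retries, a random sender is new."""
    now = [0]
    gl = Greylist(clock=lambda: now[0])
    req = ("request=smtpd_access_policy\nclient_address=192.0.2.10\n"
           "sender=alice@example.org\nrecipient=user@example.net\n\n")
    results = [gl.decide(parse_policy_request(req))]    # first attempt
    now[0] = 60
    results.append(gl.decide(parse_policy_request(req)))  # retry too early
    now[0] = 360
    results.append(gl.decide(parse_policy_request(req)))  # retry after 300 s
    spam = req.replace("alice@example.org", "x7f3@example.com")
    results.append(gl.decide(parse_policy_request(spam)))  # new triplet
    return results


if __name__ == "__main__":
    for line in simulate():
        print(line)
```

A random sender address on every attempt always produces a new triplet, which is why such senders never get past the delay.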

I downloaded a postgrey RPM from http://www.lfarkas.org/linux/packages/el3/i386/SRPMS/postgrey-1.23-0.src.rpm and modified the postgrey.sysv file to match SUSE. Rebuilt package and installed.

I added the SUSE packages for Spamassassin, ClamAV, and Amavisd-new for content filtering.

A few tests and all was done. I modified my MX records for my domains, and have been receiving mail on my new box. This server does not attempt to deliver e-mail except to the destination servers for my two domains.