For quite some time I have been looking into setting up my own mail server. But having configured postfix for a little service I run, I'd been cautious about making changes in that direction. Postfix offers too many configuration options, too many settings, and all in a way that's too arcane to me; every change made in fear of accidentally creating an open relay.
But recently I came across an article by SIDN about four modern systems for self-hosting e-mail and I was intrigued. Especially by Chasquid, with its limited scope and focus on security, also through ease of configuration.
Getting started
Actually the tool comes with a nice setup guide. And first bonus, it suggests just making use of apt (although it won't get you the latest); no special repos. So I made sure a test server I had running was updated to the latest Debian and installed Chasquid a…
Continue reading...
I don't mind running my own virtual servers. Fail2ban is a tool I've had running on my servers for years. It helps fence off requests from IP addresses that repeatedly misbehave when connecting to SSH and postfix. I never got to creating my own rules. I thought I had to write them in some arcane scripting language, but recently I learned it is pretty easy.
In this case I wanted to block 500 (Internal Server Error) and 422 (Unprocessable Entity) errors. A server error once in a while is expected, but repeated server errors are suspicious. A common source of these errors is scripts that scan for things like SQL injections.
Examples given are for Debian.
/etc/fail2ban/filter.d/nginx-errors.conf
[Definition]
# <HOST> marks where fail2ban captures the client address at the start of each log line
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" (500|422)
port = http,https
ignoreregex =
backend = auto
logpath = /var/log/nginx/access.log
bantime = 600
maxretry = 10
And appending to /etc/fail2ban/jail.local
…
Continue reading...
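As an added example (not code from the original post), the Python sketch below applies the filter's failregex, with fail2ban's <HOST> tag in the host position, to constructed nginx access-log lines and reports which hosts would reach maxretry. It assumes fail2ban's default findtime of 600 seconds, which the post does not set, and uses a simplified IPv4 pattern in place of <HOST>; the function names and sample lines are made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# failregex and maxretry as in the filter, with fail2ban's <HOST> tag up front.
FAILREGEX = r'^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" (500|422)'
MAXRETRY = 10
# Assumption: fail2ban's default findtime (600 s); the post does not set it.
FINDTIME = timedelta(seconds=600)
# Simplified, IPv4-only stand-in for what fail2ban substitutes for <HOST>.
HOST_RE = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
LINE_RE = re.compile(FAILREGEX.replace('<HOST>', HOST_RE))
TIME_RE = re.compile(r'\[([^\]]+)\]')

def hosts_to_ban(lines):
    """Return hosts that reach MAXRETRY matching lines within one FINDTIME window."""
    hits = defaultdict(list)
    banned = []
    for line in lines:
        m, t = LINE_RE.search(line), TIME_RE.search(line)
        if not (m and t):
            continue  # not a 500/422 line, or no timestamp to place it in time
        ts = datetime.strptime(t.group(1), '%d/%b/%Y:%H:%M:%S %z')
        host = m.group('host')
        # Keep only failures still inside the sliding window, then add this one.
        hits[host] = [x for x in hits[host] if ts - x < FINDTIME] + [ts]
        if len(hits[host]) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

def sample_log():
    """Constructed nginx 'combined' lines using documentation IP ranges."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, request, status):
        ts = (base + timedelta(seconds=offset)).strftime('%d/%b/%Y:%H:%M:%S %z')
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" {status} 512 "-" "-"'
    # Burst of errors two seconds apart: should be banned.
    out = [line('203.0.113.7', i * 2, f'GET /item?id={i}', 500) for i in range(12)]
    # Twelve errors, but two minutes apart: never ten inside one window.
    out += [line('198.51.100.20', i * 120, 'POST /form', 422) for i in range(12)]
    # Ordinary visitor with a single server error.
    out += [line('192.0.2.5', 5, 'GET /', 200), line('192.0.2.5', 9, 'GET /x', 500)]
    return out

if __name__ == '__main__':
    print(hosts_to_ban(sample_log()))
```

The slow client produces more than ten errors in total yet is never banned, which shows that the threshold only counts failures inside the time window.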
A technical note to myself: One way of doing multiple things simultaneously on a server can be by setting up multiple connections via SSH; that's how I used to do things before. An alternative is to use a single connection and use the command screen on the remote server. Another good reason to use screen is if you have a long-running process that you don't want to break just because your SSH connection flips on and off with your computer going in and out of stand-by.
This is for absolute beginners. If you don't know about screen, this is for you. If you are already familiar with screen, I probably won't be able to educate you :o
So what is Screen?
GNU Screen is a kind of window management system for the terminal (you ought to say terminal multiplexer) and has several advantages over using multiple SSH connections. Most importantly: the processes keep running when SSH d…
Continue reading...