
Category: LoneStar Network

New SSL certificates by Let’s Encrypt


Between yesterday and today I changed the SSL certificate used on the websites of lonestar.it and unixportal.net, and for the SMTP / IMAP mail services of mail.lonestar.it.

Up to now I used a wildcard certificate, regularly purchased on StartSSL. It was a cost-effective service to get a 2-year wildcard certificate. The convenience is that the certificate was valid for *.lonestar.it, and therefore in any network service.

But the StartSSL Certification Authority has been deprecated by major browsers because of some irregularities committed after acquisition by a Chinese company.

As a result, as of recent versions of Firefox and Chrome, certificates issued by this authority are no longer accepted as valid (green color next to the URL bar), but are shown as unrecognized (red color next to the URL bar).

So I’ve decided to start using the free service of Let’s Encrypt, which has been very successful lately thanks to the new philosophy of free release of certificates to anyone, for a short time (90 days maximum), so as to encourage adoption of the HTTPS and TLS protocols by everyone.

The short duration of certificates implies the transition to an automatic renewal and replacement mechanism, compared to the previous habit of obtaining a certificate valid for a few years and then installing it manually on the various servers involved.

Let’s Encrypt offers an official Python-based client to perform these automated tasks on the most popular distributions and common services. But since I use Slackware as distribution and s/qmail as a mail service, I preferred to use the Dehydrated script, which is based on bash and curl.

So I’ve set up some scripts that request certificates, no longer wildcard but individual for each service, and install them where necessary.

All seems to be working 🙂
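As an added illustration of the renew-and-install step described above (not the author's own scripts): dehydrated calls a user-supplied hook with a handler name as its first argument, and for `deploy_cert` passes DOMAIN, KEYFILE, CERTFILE, FULLCHAINFILE, CHAINFILE and TIMESTAMP. The target directory `DEPLOY_DIR`, the combined key-plus-chain file layout and the function name `hook_main` are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: a dehydrated hook that installs a renewed certificate.
# DEPLOY_DIR and the combined key+chain layout are assumptions, not the
# author's setup. Reloading the consuming service is deliberately left out.

DEPLOY_DIR="${DEPLOY_DIR:-/etc/ssl/deployed}"   # hypothetical target directory

# Arguments: DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
deploy_cert() {
    local domain="$1" keyfile="$2" fullchain="$4"
    local target="${DEPLOY_DIR}/${domain}.pem" tmp

    # Refuse missing or empty inputs, so a failed renewal can never
    # replace a working certificate with a broken file.
    [ -s "$keyfile" ] && [ -s "$fullchain" ] || {
        echo "deploy_cert: missing key or chain for ${domain}" >&2; return 1; }
    grep -q 'PRIVATE KEY' "$keyfile" || {
        echo "deploy_cert: ${keyfile} is not a PEM private key" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$fullchain" || {
        echo "deploy_cert: ${fullchain} is not a PEM chain" >&2; return 1; }

    # The combined file holds the private key: create it unreadable to
    # other users from the start instead of tightening permissions later.
    tmp="$(umask 077; mktemp "${target}.XXXXXX")" || return 1
    cat "$keyfile" "$fullchain" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp"

    # A rename inside one directory is atomic: a daemon opening the file
    # sees either the old certificate or the new one, never half of it.
    mv -f "$tmp" "$target"
}

# Dispatch only the handler implemented here; every other handler name
# that dehydrated passes (challenge deployment, cleanup, ...) is a no-op.
hook_main() {
    case "${1:-}" in
        deploy_cert) shift; deploy_cert "$@" ;;
        *) return 0 ;;
    esac
}

hook_main "$@"
```

dehydrated is pointed at a script like this through the `HOOK` setting in its configuration file.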

SMTP-VRFY enabled


These days I have enabled SMTP-VRFY functionality in the LoneStar Network MTA service, so that I can create/remove mailboxes through Vmail and have them automatically recognized by the ASSP antispam filter that sits in front of the service to protect it.

Up to now, manual intervention was required by means of editing a text file containing the list of acceptable mailbox addresses.

With this change, any box created through the management web interface will be dynamically recognized as enabled.

Migration to s/qmail


As already discussed in the past, LoneStar Network’s mail system is based on qmail. In spite of the many criticisms for the decades-long abandonment of this software and the wide preference of many for Postfix, qmail has never given the least problem and, with the integration of Erwin Hoffmann’s Spamcontrol patch, has always proven a very good choice, at least for my needs.

For a number of years it was expected that the original author of qmail would keep the promise of releasing a version 2.0, but that never happened. Even the netqmail branch, which for some time had gained some popularity, has been abandoned for a long time.

Instead, Erwin Hoffmann continued to carry on his Spamcontrol patch over the years, adding features and fixing problems, which eventually made it a kind of qmail 1.5 rather than a simple patch with anti-spam functionality.

And some time ago Hoffmann made a leap in quality. He stopped developing a patch to be applied on the original qmail 1.03 code, and started issuing a fully revised and extended qmail code, of which the previous Spamcontrol patch contents have become an integral part, along with new additional features such as native IPv6 support and compilability in x86_64 environments. He gave this “risen” qmail the name s/qmail.

S/qmail started with version 3.0 and is now at release 3.1.9. This is a drop-in replacement that can be installed as an update of an original qmail while maintaining its configuration and installation paths, as well as all commonly used external extensions and software (e.g. Dovecot, ezmlm, VMailMgr, Vpopmail, etc.).

So I finally decided to move from my previous qmail 1.03 + Spamcontrol 2.7.33 to the new s/qmail 3.1.9, and the LoneStar Network’s MTA has already been running this new version for some days. There were no problems of any kind in the migration and I think they should not appear later.

Goodbye Nokia


It’s the end of an era. Let’s make it clear: I’m just talking about technology, software, phones, companies… nothing worth shedding tears or being in big pain, but what has happened in these weeks, and still is happening, has a bitter taste.

More than at a general level, it has a bitter taste also – and mainly, being me the main subject of this site! – at my personal level. I’ve owned only Nokia phones for decades, beginning with the 5110, then the 6310, 6150, 7210, 6600, N80, N82 and the latest N85. I’ve always been faithful to a brand being considered by me – and many others – as the absolute top. A European product, built in total independence and autonomy, drawing the lines to which all others had to come up to, even those who were leaders in other markets.

Yes, a brand that has also made mistakes, that rested on its own laurels in the latest years, letting other newcomers start barking loud, partly for too much self-confidence, and partly for a sort of philosophical idea, which is the one that I also support, stating that phones are for phoning. It’s nice and cool if they can do also other stuff, but it’s not that important. Browsing the internet, reading mail, talking with this or that, they are all nice, interesting, useful and sometimes comfy features, but in the end the main tool for such things is another one, the PC, and what truly matters in a phone device is good phoning audio quality, good signal reception, a good address book, and simple menus.

This philosophy has been widely abandoned during the latest years, with phones doing everything and more, and with a lot of people using them to do things you’d normally do with a PC. But Nokia was doing something in this field, they were working on a new operating system, actually a full Linux distribution – after all Nokia is Finnish and Linux was born in Finland – which was going to be something really new, with the ability to run KDE applications, with an open environment that would have been able to compile and install free software packages beyond the AppStore logics of Apple and Android – even if this would have been available too. A real dream OS. A dream in which a lot of people, including me and all those who had not wanted to switch to Blackberry or iPhone or Android, were believing and were patiently waiting for, with no hurry – because phones are for phoning, and my current Symbian based phone still does this very well – and we were honestly sure that the Nokia giant was there, about to wake up and bash all these newcomers with just the power of his finger, breaking their illusion of making him worried.

But Nokia made us all wake up, and the dream is over. The new system, MeeGo, is late. It has always been late since it was conceived, and a deal has been struck with Microsoft to use Windows Phone 7 as main platform. A full and total capitulation of all that was being done, and of all that Nokia has meant until now!

This decision may even bring positive market results in the long term – it’s not bringing them right now –, but it leaves all faithful supporters stupefied, disappointed and angry. They had not left yet also because they definitely didn’t want any Windows on our phones. And they still don’t want any. And thus they’re not going to buy a Nokia phone anymore. Just like me, I am now forced to take into consideration something not being a Nokia as my next phone, after no less than 15 years. And obviously this will be an Android, since the only apples that will ever enter my house are those coming from trees.

(All the technical and political considerations, the theory of US and Microsoft’s plot, the role of Elop as Ballmer’s trojan horse, the talks on what actually good might have come from MeeGo, and on the goods and bads of WP7, on what’s happening in Finland, on Nokia workers’ strikes, on the Finnish government being worried, on the European Union financing projects that Nokia has now implicitly declared dead, and all such I leave to articles, blog posts and comments that are only second to those discussing our Prime Minister’s judiciary issues.)

My own cloud


Keeping faith to my previous words on cloud computing, I’ve decided to work on my own installation of ownCloud.

ownCloud is a service developed by the KDE team which aims to realize a personal storing and sharing platform for files and information.

In simple terms, and using words now commonly spread in the world of web 2.0, it is a personal Dropbox system managed and installed on our own systems, using our own IP addresses and our own disk space.

It’s actually a WebDAV service with some bells and whistles, including a small PHP management and configuration portal. WebDAV is not new, it’s been out for years, but recently it’s gathering popularity due to its usage in all modern shared disk space services.

Requirements are really minimal: you need a Linux distribution with Apache, PHP, MySQL or SQLite for backend, and some disk space. I’ve assigned to it the same virtual machine I’m using for monitoring, and I’ve added a virtual disk within vSphere’s datastore.

Actually it’s still missing something to be a full Dropbox replacement: a local sync client, allowing to keep a local folder in continuous synchronization with the service, and allowing to copy the content on several installations. A client is in the works but it’s still not ready.

Currently it’s possible to use ownCloud through WebDAV on all devices supporting it, and it can be “mounted” on KDE’s Dolphin, adding a new network folder.

For the adventurous LoneStar Network users who are willing to test it, you can to have an account. As soon as there are user-friendly clients ready for use on Linux/Mac/Windows I will publish proper instructions, and the service will become part of LoneStar Network’s offering for its users.

CC BY-NC-SA 4.0.