Using Let's Encrypt Certificates for Postfix and Dovecot

Recently, the self-signed certificates that I use for Postfix / Dovecot on my mailserver expired and I decided to try using Let's Encrypt to obtain certificates for them. Let's Encrypt is a fully trusted free Certificate Authority developed by a consortium of organizations to promote a more secure internet. I particularly like the fact that … [Read more…]

Using ddclient for DDNS

I use ddclient to update my dynamic IP address which is assigned by Comcast. This is the gist for the ddclient configuration:

    # Configuration file for ddclient generated by debconf
    #
    # /etc/ddclient.conf
    daemon=5m
    syslog=yes
    use=if, if=eth0
    ssl=yes
    use=web, web=myip.dnsomatic.com
    protocol=freedns
    login=abcd
    password='CENSORED'
    asrivas.me www.asrivas.me mailserver.asrivas.me

Memory Barriers on x86

Recently, there have been some interesting discussions at work around the correctness of system-critical code and how memory barriers actually operate on x86. This is a very poorly understood concept, mainly due to the ambiguity of the Intel / AMD manuals on the subject. x86 has a much stronger memory model than … [Read more…]

OpenWRT: Allowing PPTP clients to connect

If the worst outcome of trying to upgrade the router firmware is that you might brick it, surely the second worst is when your wife is unable to connect to her VPN when a work emergency demands it. Late on Monday night, Aish sat down to get some work done for a presentation she had the next day … [Read more…]

TP-Link Archer C7: How not to NAT

I have had the TP-Link Archer C7 wireless router for a few months now. Although the hardware in this router is great bang-for-buck, the stock firmware leaves much to be desired. I run a number of servers out of my homelab, which requires the router to be configured with port-based NAT rules. I found … [Read more…]

SPF for Email Authentication

Sender Policy Framework (SPF) allows receiving mail servers to verify whether the SMTP server originating the email is authorized to send email for the domain. Most email servers will check whether an SPF record exists for a domain and, if it doesn't, the email may get flagged as spam. Until recently, … [Read more…]

Running a Mail Server

Email (internet messaging) has been around for almost as long as the internet itself. SMTP (Simple Mail Transfer Protocol) allows for designing email systems that are open, non-federated and distributed across the internet. Unfortunately, the architects of this system did not foresee how email spam, trojans, worms and computer viruses would make life miserable for … [Read more…]

Extending an LVM partition on an Ubuntu VM

Logical volumes allow system partitions to be resized on the fly without any downtime. This is a pretty nice feature to have in a guest OS since one does not have to worry too much about allocating the right amount of disk upfront. In a previous life, I have spent many a waking hour reinstalling … [Read more…]

Configuring unbound as a local DNS server

Unbound is a validating, recursive, and caching DNS resolver written in C and much more lightweight than its predecessor, BIND. It was developed with a focus on security and an assumption that every host it interacts with could be malicious. BIND, in comparison, has become too bloated, slow and complicated to maintain. I expect to … [Read more…]