Blocking sender IPs in Postfix

Despite all I’ve done to filter junk mail, I recently noticed one consistent spammer who was bypassing all of my safeguards. Notably, this source has a host who’s tolerant enough that the spammer went so far as to set SPF headers, to give their messages some “credibility.”

Continue reading Blocking sender IPs in Postfix

Building git 2.x from source on Debian

For most, the version of git available with your distribution is sufficient. I, however, like to make things interesting for myself. Accordingly, neither the git build available in wheezy main nor wheezy-backports meets my needs (Jessie also doesn’t provide the latest release). Provided are 1.7 and 1.9, respectively; I need at least 2.41.

Fortunately, building git from source isn’t particularly challenging.

Continue reading Building git 2.x from source on Debian

  1. Owing to GitLab, which deserves its own post.

Creating Public Key Pinning headers (HPKP)

In my post two weeks about setting consistent headers in nginx, one of the headers I was concerned with was the Public Key Pinning header (HPKP). This, and the Strict Transport Security header (HSTS) are both defensive mechanisms meant to increase the reliability of secure connections to a given site.

Continue reading Creating Public Key Pinning headers (HPKP)

Authoritative DNS with redundancy, using nsd and Debian Wheezy

Following up on yesterday’s post about what motivated me to host my own DNS, I’ll do my best herein to detail how I pulled this off. This is written for Debian Wheezy because I haven’t finalized an upgrade plan for Jessie yet; with Wheezy LTS extending support to 2018, I hope some find this useful.

Continue reading Authoritative DNS with redundancy, using nsd and Debian Wheezy

Four techniques for monitoring server logins

With four Debian servers, each available over both IPv4 and IPv6, login attempts come from many sources. Gabriel Koen, in response to my backups post, asked what I do to monitor logins.

Currently, I use four tools to deal with login monitoring, equally split between proactive and reactive solutions. I don’t believe that any of these are Debian-specific, but I have no relevant experience with other distributions.

Continue reading Four techniques for monitoring server logins

Hello PHP 7!

With relatively little difficulty, I’m now running PHP 7 alongside PHP 5.6. PHP 7 was released at the beginning of the month, and WordPress was one of the platforms tested against. Given that I can’t stop tinkering with this server’s configuration, I really had no excuse not to set up PHP 7.

Given the myriad services I’m running, I couldn’t switch to PHP 7 outright. While WordPress and YOURLS (powering my url shortener, eth.pw) both support PHP 7, the compatibility list basically ended there.

As I went into this with a fair bit of trepidation (and many backups), what follows is a bit about my experience.

Continue reading Hello PHP 7!