Nearly all the info online is wrong. May 16 14:14:36 xxxxx sSMTP[807358]: Unable to set TLS_CA_FILE=”/etc/ssl/certs/ca-certificates.crt” If you are relaying to a mail server on port 587, then your ssmtp.conf file should NOT have the line UseTLS=YES. It should have UseSTARTTLS=YES. If you are sending to port 465, then you would want the UseTLS=YES line.
OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions
Tunnelblick is an awesome OpenVPN client, which I have been using a lot lately on my Mac. I had a problem where it would connect the first time just fine, but then would never reconnect; it would seem to hang while trying to handshake with the server. I could get it to work again if
Note: I’m running my Raspberry Pi as a server, and NetworkManager is not installed. I discovered that if you want to manually assign search and nameserver entries in your /etc/resolv.conf file, you can’t just add the relevant entries to static entry in /etc/network/interfaces: [crayon-64cebbec36b22213060971/] For some unknown reason, the resolvconf utility will still attempt to
I was experiencing a pretty bad slowdown while trying to use the admin pages of a WordPress site recently. The load on the machine was quite low, so I began to suspect that it was trying to call out to external services (facebook, pinterest, etc) that might have been blocked by CSF (configserver firewall). I
I noticed that I was getting emails from LFD (part of the ConfigServer Firewall package) about failing to find some added check line it was sending to syslog. The syslog message looks like this: lfd[%d]: *SYSLOG CHECK* Failed to detect check line [%s] sent to SYSLOG Of course I’ve replaced the pid with %d and
I was enjoying trying out APF on my Raspberry Pi, but I noticed that it wasn’t blocking repeat attackers the way I wanted it to. fail2ban was working the way it was supposed to work, but it only blocks temporarily, and I never figured out why the gamin back-end to continuously monitor log files didn’t
I’ve written about Locamatic before, and while it’s good at what it does, there are some definite drawbacks. For one, the most recent version is alpha quality and stated for use on Mountain Lion since prior versions won’t work anymore on a newer system. But as of this writing, Mountain Lion was two major releases
The Debian / Ubuntu package for Advanced Policy Firewall (APF) seems a bit unmaintained. By default it won’t run without some initial tweaking. Note that they probably want everyone to just download and run the installer from their site nowadays, but that’s not how I roll (usually). [crayon-64cebbec37a88330554532/] In functions.apf, change the line [crayon-64cebbec37a9a118081270/] to
APF is wonderful for a good-enough firewall solution for a lot of people. But what if you also want the power of another great tool, fail2ban? The problem is, fail2ban wants to make changes directly to iptables, which APF is maintaining. Rules that fail2ban writes will be overwritten by APF. I found the solution is
This. Here’s the kicker: …but perhaps the most fundamental is a simple misconception, one that persists in the work of the FCC but also of proponents and opponents of network neutrality. It is the false distinction between what they call “edge providers” (YouTube) and “end users” (people who watch videos on YouTube). I really wish
I was curious to see how quickly I could transfer files to my Pi using SSH rather than FTP. Obviously using FTP is way faster than almost any other method, but still I wanted to see how fast I could transfer data over SSH. Here’s the time it took to transfer a 50 MB file
The usual suspects failed me last night when the $DISPLAY environment variable wasn’t being set after I logged in via SSH to my Pi. The usual suspects being to make sure that the X11 forwarding options were turned on in /etc/ssh/sshd_config on the server and in ssh_config on the client, or to use the command