Mail

You are currently browsing the archive for the Mail category.

Subscribe to the Mail category feed

SSL Certificates are now provided by LetsEncrypt. For now only the web server has been migrated; SMTP and IMAP will be moved over shortly.

Update 2017-02-28: SMTP and IMAP have been migrated to the LetsEncrypt certificates as well.

Updated kernel, added disk space. Brief outages around 12 am PST.

Updated server to Ubuntu 14.04 and bumped up RAM. Brief outage around 11 pm PDT.

I’m rolling out new SSL Certificates. These are signed by the StartSSL Certificate Authority, replacing the ones signed by the illustrious nerdylorrin.net Certificate Authority. What finally pushed me over the edge was not the tedium of installing my own CA certs on all my client machines, nor a diminishing thrill in trying to keep track of my own CA certificate files. No, what did it was Google’s decision to make Android continuously punish users who have added their own CA certificates to the trusted list:

Android continuously displays this warning when an additional CA cert is installed on the system.

Thanks, Google.

On the bright side, having a cert signed by a “real” CA also allows basking in the glory of a “A” rating on the Qualys SSL Labs server test.

The new certs are already deployed for www.nerdylorrin.net and will roll for mail and webdav before long.

Brief outages on kiwi over the weekend (website, blogs, mail) for opsys and disk space upgrades. For most clients, any SSL connections will now have perfect forward secrecy. One more brief outage coming soon to move to a cheaper server in the data center, which will require an IP address change.

Updated 2013-11-15: Moved to new server. IP addresses changed, DNS updated. Everything seems to be back up and running. Down for about an hour.

Two outages this month! Kiwi was down for about an hour Saturday evening for a bi-annual upgrade to a new Ubuntu LTS release. Everything should be back to normal now.

Web pages (including blogs) and email were intermittently unavailable between 8:15 and 9:15 pm (PST). Kiwi was moving to a new host and getting more RAM and disk space. IP address and DNS are unchanged.

There’s an interesting tale on Wired about someone receiving a recruiting email from Google and thinking an apparent security flaw in the message signature was a candidate screening quiz. It was, in fact, a security flaw. Lesson learned: I upgraded kiwi’s DKIM key from 768 to 2048 bits.

kiwi was inaccessible for about an hour this evening due to a router failure. Don’t worry, it’s not the router failure the SOPA-supporting elephant killer had. RimuHosting runs the show here.

kiwi was down for about 3 minutes this afternoon to upgrade disk space. I also applied the latest WordPress security patch.

икона за подаръкJust before 10pm PST on 2012-02-16 Apache memory usage got out of control and made kiwi unresponsive for nearly an hour. Everything back to normal now but root cause remains elusive.

Update 2012-02-21: Most likely cause is that I simply allowed Apache to spawn too many threads. If correct, things are under control now.

Kiwi (hosting everything except the Gallery) was down for an hour starting 2012-01-09 13:45 (PST) due to RAID issues on the host machine. Alas, for a while now MySQL hasn’t been starting automatically on reboot. I forgot about this and therefore WordPress was out of commission for two days. Mea Culpa. I have now finally fixed the MySQL configuration so it should be able to start automatically again.

Подарък иконаикониKiwi (web presence other than Gallery; email) moved to new hardware in the RimuHosting Dallas data center. Outage was 12:51 – 1:24 am Pacific time. IP addresses changed from 72.249.17.232 to 74.50.48.111.

In unrelated news, I’ve taken down the public nerdylorrin.net wiki. It turns out not many people were excited about poking around my notes.

Kiwi ran completely out of memory and crashed hard just before noon (PDT) today. Back up around 9:15 pm (PDT).

Gallery, wiki unaffected (they run on different servers).

Update 2010-08-06:

I’ve belatedly taken some stops to reduce memory usage. Spamassassin and Apache will now fork fewer child processes, which will hopefully keep things under control.

Kiwi ran out of disk space and memory (perhaps running out of disk space resulted in no room for the swap file to grow?) around 1 am PST this morning. Upgraded both and brought back online around 6:45pm PST.

Web sites (except Gallery and Wiki) and mail were down. Everything should be back to normal now.

Websites (other than wiki and gallery) and mail were out a few hours this evening (approx 4:00 – 7:15 p.m. PDT ). They’re hosted on kiwi, which locked up and needed to be restarted. Unlike the December outage, this time it was just kiwi and not the parent Xen host. Root cause unclear. Spam Assassin was churning through a bunch of spam at the time, but that could be a random correlation.

Websites (other than wiki and gallery) and mail were out a couple times this afternoon. The parent Xen host crashed twice and was rebooted by RimuHosting. Sigh. Hopefully it’ll stay up this time.

Update 12-25: I must have jinxed it. Host continued to have issues and was out overnight. (Sleigh riding with Santa?) Seems to be back up now after a Xen upgrade.

The CA certificate used for all nerdylorrin.net secure communication expired at the end of June. As a result you may have noticed security warnings popping up when accessing mail, WebDAV, or SSL protected web pages. A new CA certificate good through 2017 is now available. See the SSL Certificate instructions on how to update.

I’ve signed up for a hosted server since that’s quite a bit cheaper than any of the options for upgrading the internet connection here. It will be a while before I’ve migrated all the services over. My current plan is to move mail first and then move the web sites one domain at a time.

The new host doesn’t have enough disk space for the Gallery. If you’ve got some online disk space to share, please let me know.

Mail Bounces

From Friday 11/10 through Friday 11/17 some email messages passing through nerdylorrin.net were bounced back to the sender.

nerdylorrin.net lives in my basement attached to a Comcast cable modem. Sending mail from Comcast is difficult! Normally mail servers directly contact the destination mail server to transmit the email. Unfortunately many mail servers refuse direct connections from Comcast subscribers because the ratio of spambots to real mail servers is too high. I had been relaying mail through Comcast’s official mail server to avoid this problem. But Comcast’s mail server didn’t like the volume of mail it was receiving from nerdylorrin.net.

Chuck has generously offered to let me route mail through his server (which lives in a real data center). This resolves the problem since Chuck’s server has neither the spam stigma of a Comcast subscriber nor the quotas of Comcast’s official mail server. Thanks Chuck!

Affected messages unfortunately can’t be retrieved since they were bounced back to the original sender without going through nerdylorrin.net again. The total number of affected messages appears to have been small. Apologies for any headaches this caused.

Independent Mail Domains

Until now all mail domains hosted here shared a single address space. For example, johndoe@nerdylorrin.net and johndoe@yourdomain.org had to go to the same mailbox. That limitation is now removed. You can now have whatever aliases you want!

If you want to add any aliases to your domain just let me know. As always, these can forward to an email account hosted elsewhere or can go to a mailbox hosted here.

The mail server is now filtering spam at receipt time. This means all mail services, including forwarding accounts and mailing lists, are protected.