Google has announced a sunset for SHA-1 certificate signatures in Chrome. SHA-2 (aka SHA-256, SHA-384, and SHA-512) is the remaining option for certificate signatures. I decided to upgrade my certificates to SHA-2 (256 bits). However, when I tried to use tinyca2 to generate a SHA-2 certificate, I found it was not supported. As tinyca2 is… Continue reading Adding SHA-2 to tinyca
Author: Bill Thorsteinson
Disabling SSLv3 to block Poodle
The new Poodle vulnerability lead me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3. While SSLv3 is mostly history, the techniques I used can be applied to other TLS versions. Ubuntu uses configuration files split into… Continue reading Disabling SSLv3 to block Poodle
Disable TraceClassUnloading in Java 6
I recently discovered logs filling up with log messages for classes being unloaded during garbage collection. After a little research, I found that the TraceClassUnloading switch gets turned on by the Xloggc switch. After a little testing, I found that this can be resolved by adding the argument -XX:-TraceClassUnloading after the -Xloggc argument.
Hostnames for eximstats Rejections
I use eximstats to report my daily email traffic. I have a fairly high rate of rejections and wanted hostnames listed in the rejection reports. To resolve this I developed a patch to capture the hostname related to the IP address, and add this data to the rejection reports. The enhanced list saves me the… Continue reading Hostnames for eximstats Rejections
Faking IMAP for Exchange Email
Using DavMail to add IMAP, SMTP, and CalDav access to Exchange WebMail Servers. Works with Thunderbird and Windows Live clients.
Providing IPv6 DNS resolver data with radvd
How to provide DNS server addresses to IPv6 clients using Router Announcements.
Detecting Email Server Forgery
Verification methods for incoming SMTP connections with statistics. How to validate your server, and block Spambots.
Securing your Email Reputation with SPF
SPF (Server Policy Framework) is a simple means to limit the ability of others to forge your identity in email. I first implemented it after a forged identity under my domain was used to send Spam. Once SPF was configured, the bounce messages quickly dropped off. Although not as frequently implemented as sender address checks, SPF… Continue reading Securing your Email Reputation with SPF
Setting Up BackupPC on Windows
Back up Windows PCs and Laptops using BackuPC. Includes installing rsycnd on Windows.
Setting Up BackupPC on Ubuntu
Set up a BackupPC Server on Ubuntu. Includes configuration of Linux and OpenWrt clients using rsyncd.