Hi,
I am a (delighted!) relatively new BF user and run two dozen websites under CentOS and Virtualmin, with no email as I keep email off my webserver.
I am fed up with cPanel in multiple ways and want to drop the server where I currently have all my email and mail forwarders.
Is another VPS on CentOS with Virtualmin a good route to manage my and my clients’ email?
Or is there a better solution for a mail server?
Cheers
Hugh
Hi all,
I run Debian Bullseye on my VPS. Overnight, Bind9 updated to version
9.11.1-1 and promptly crashed.
The fault is already known:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2413
and appears to relate to the use of a named ACL for "allow-update" in the
config. This matches my setup.
I've just downgraded back to 9.16.8-1 for now and that fixed things for
me. Thought I'd mention it, just in case anyone else runs into problems.
If you're on Bullseye and use ACLs in your Bind config, it might be
worth putting a hold on updates to bind9 for a little while.
Cheers,
Alun.
Hi all,
If you are running your own email server and you are using SpamCop
(spamcop[.]net) somewhere in your spam filtering set-up, this is
important.
The service has had its DNS registration lapse and now points to a
domain parking service. More importantly, any lookup against the
SpamCop blocklist will return a positive response, which spam filters
take to mean the domain is listed.
While it would not be difficult for a DNSBL client to distinguish
between these responses and proper DNSBL responses (which usually are
in 127.0.0.0/8), in practice most don't.
So if you are using SpamCop, it is strongly advised you remove it from
your DNSBL client until the domain starts working again.
Martijn
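
Added example, not part of the original message: a DNSBL client check that only treats answers inside 127.0.0.0/8 as listings, so a parked or hijacked zone that answers every query is flagged as broken instead of rejecting mail. The zone name `dnsbl.example`, the function names and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")  # range proper DNSBL answers use

def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Reversed octets (IPv4) or nibbles (IPv6) of the client IP, then the zone."""
    ip = ipaddress.ip_address(client_ip)
    # reverse_pointer is e.g. '2.2.0.192.in-addr.arpa'; drop the two arpa labels.
    labels = ip.reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone.strip('.')}"

def classify_answer(a_records) -> str:
    """No records (NXDOMAIN) -> 'not_listed'; every record in 127.0.0.0/8 ->
    'listed'; anything else -> 'broken' (zone is not behaving like a DNSBL)."""
    if not a_records:
        return "not_listed"
    addrs = [ipaddress.ip_address(a) for a in a_records]
    if all(a in DNSBL_NET for a in addrs):
        return "listed"
    return "broken"

def system_resolve(name: str):
    """A records via the system resolver; any lookup failure is treated as no answer."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []

def is_listed(client_ip: str, zone: str, resolve=system_resolve) -> bool:
    """Fail open: a 'broken' zone must never count as a listing."""
    return classify_answer(resolve(dnsbl_query_name(client_ip, zone))) == "listed"

# Constructed sample answers: a healthy zone, then the same zone after it was parked.
HEALTHY = {"2.2.0.192.dnsbl.example": ["127.0.0.2"]}
PARKED_ANSWER = ["203.0.113.10"]  # parking service answers every name

def healthy_resolver(name):
    return HEALTHY.get(name, [])

def parked_resolver(name):
    return PARKED_ANSWER

if __name__ == "__main__":
    for label, resolver in (("healthy", healthy_resolver), ("parked", parked_resolver)):
        for ip in ("192.0.2.2", "198.51.100.7"):
            answer = resolver(dnsbl_query_name(ip, "dnsbl.example"))
            print(label, ip, classify_answer(answer))
```

A 'broken' verdict is worth logging or alerting on, since it usually means the list should be removed from the filter configuration.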
Hello,
On:
https://bitfolk.com/techspec.html#toc_2_Available_Linux_distributions
I am listing Ubuntu EOL dates as found at:
https://wiki.ubuntu.com/Releases
However, it seems that the EOL dates from the Ubuntu wiki refer to
Extended Security Maintenance:
https://ubuntu.com/security/esm
If I understand things correctly, this:
- covers only a small subset of the archive
- requires an Ubuntu Advantage account
- entitlement to ESM updates is only available for free for
  personal use on up to 3 machines
So, for example, the recent "sudo" security issue is not available
for 14.04 LTS users unless they meet the above requirements.
If I have misunderstood things can someone correct me?
If not, I don't think it is particularly clear of us to list those
EOL dates on BitFolk's page and instead we should list the "End of
Standard Support" ones.
Thoughts?
And if we do list "End of Standard Support" dates, should that be
matched with "end of stable support" dates for Debian? The situation
for Debian is not straightforward either:
https://wiki.debian.org/DebianReleases#Production_Releases
While LTS and ELTS are available free to everyone (BitFolk is one of
the monetary sponsors that makes that possible), they do only cover a
subset of what was in Debian stable.
A summary of what each thing means for Debian is something like:
Stable Security:
- Supported until release end of life
- Package maintainers and security team are supposed to provide
  security fixes for every package in the stable release
- buster EOL: some time in 2022
Long Term Support:
- Dedicated team of paid developers provide security fixes on a
  best effort basis; sometimes package maintainers help.
- Known to only cover a subset of the archive; most important
  packages do get updates.
- buster LTS EOL: likely some time in 2024
Extended LTS:
- Even smaller team of paid developers provide security fixes
- buster ELTS EOL: likely some time in 2026
Which of these things is fair to call a supported Debian release?
Really I'd just like to keep some consistency.
(Personal controversial interjection: I'm no CentOS fan but this is
exactly what people will miss about CentOS. It was a straightforward
10 year support commitment. Which was a massive commitment. It
wasn't always timely, but you knew that RHEL would get an update and
then CentOS would. For 10 years. That has value.)
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi there,
I'm trying to troubleshoot an issue on my home network, using my Bitfolk VPN. I'm pretty sure the issue is with my ISP's network, but to be sure, is there anything on Bitfolk's network that would be filtering incoming UDP packets to port 500?
That's my question, but for the sake of clarity, this is the issue I'm actually trying to solve.
I can't get WiFi calling to work on my home network. It used to work, but around the time I got a new router from the ISP (hyperoptic), it stopped working. I am pretty ignorant about how WiFi calling actually works, but it seems like it needs to send to UDP 500 to establish a tunnel into the telco network.
I used netcat to try sending packets to my BitFolk host, and netcat on said bitfolk host to receive them. It seems I can send and receive to port 499 and 501, but not port 500.
My conclusion is that my ISP is somehow filtering out 500/UDP, but I need to know that it definitely isn't something at the bitfolk end, before I start wading through Hyperoptic's support tiers.
I am aware that Hyperoptic use Carrier Grade NAT, but I pay extra for a static IPv4 so that *shouldn't* be an issue.
Also, here's the Layer Four Traceroute for one of the EE WiFi calling gateways:
sudo lft -z -u -d 500 109.249.190.48
Tracing ......**********
TTL LFT trace to 109.249.190.48:500-516/udp
1 _gateway (192.168.0.1) 0.5ms
2 141.xxx.xxx.xxx.bcube.co.uk (141.xxx.xxx.xxx) 8.0ms # (redacted, my IP)
3 172.16.23.244 2.3ms
4 172.16.16.77 2.0ms
5 172.17.12.16 1.9ms
6 172.17.10.148 7.0ms
** [500-516/udp no reply from target] Use -VV to see packets.
If anyone can assure me that it should be possible to receive port 500 UDP packets at Bitfolk, that would be great, but happy to hear if anyone has any other insights into why WiFi Calling doesn't work for me, that would also be great.
Thanks,
--
Misha Gale
PGP Public Key: 0x1986B8E1 https://mishagale.co.uk/pubkey.asc
Hello,
If you are using the CBL DNSBL in your mail filtering setup (I was)
or for any other purpose, please note that it has shut down:
https://www.abuseat.org/cutover.html
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
Most (all?) versions of sudo have a bug where a local unprivileged user
can get root access:
https://www.openwall.com/lists/oss-security/2021/01/26/3
Updates are already out for most distributions that are still
receiving security updates. If yours isn't then you might want to
remove sudo (and think about an upgrade).
This is CVE-2021-3156.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi all,
I have had a VPS with Bitfolk for the past twelve years and before
that was able to use HantsLUG to host my genealogy related website.
Things have moved on and my wife and I are no longer doing family
history research, my wife's co-researcher who I was keeping my website
on line for recently died.
So I no longer need a VPS so as it is due for renewal shortly so
decided time to call it a day.
I am grateful to Andy for providing the service and to all those Hants
Luggers who helped me over the years. I have never regretted moving my
loyalty from RedHat to Debian and even managed to persuade my wife to
dump Win7 last year and let me install Debian Bullseye on her
computer.
I will be 90 years old next year but have let that hold me back and
until lockdown closed gyms was doing resistance training 3 times a week
and still workout at home to programs my Personal Trainer sends me every
two weeks making full use of the small amount of gym kit I have.
I am also planning ahead and intend having a flying lesson in a
gyrocopter for my 90th birthday and doing a skydive on my 100th.
Wishing you all a prosperous and covid free 2021
John Lewis
Hello,
With the news that RHEL will be free for up to 16 servers:
https://arstechnica.com/gadgets/2021/01/centos-is-gone-but-rhel-is-now-free…
is anyone willing to spend some time trying to install it in a
chroot then getting it to boot under Xen PVH mode?
Assuming it is possible to access the RPM files, I assume the
process will be very similar to the current CentOS 8 process:
https://tools.bitfolk.com/wiki/Installing_CentOS_8
which can be summarised as:
1. Prepare a chroot
2. Install CentOS base system into it
3. Enable EPEL repository to switch it to kernel-ml package so that
it works under Xen.
I will provide the VM account to do it, and some amount of account
credit once it is done and documented in the wiki.
I have no idea what hoops one must jump through to get a Red Hat
developer account nor if it is possible to download the RPMs like
that once you do. If I did I'd do this myself!
Please contact me off-list if interested in helping out.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
I don't think there's many¹ of you running Fedora, but as of
kernel-core-5.9.8-100.fc32 they switched their kernel compression
method from gzip to zstd.
Similarly to Ubuntu — which switched to lz4 from 19.10 onwards —
this leaves it not bootable in Xen PV mode as the PV boot loader
doesn't understand zstd (or lz4) compression.
This may not be obvious to you as this has happened in the middle of
a release and I don't think it is announced anywhere that the
compression method was changed. Nor would such an announcement
necessarily prepare you for the sudden boot failure in any case.
The simplest way forward is to switch to PVH mode:
https://tools.bitfolk.com/wiki/PVH#Fedora
If for some reason you don't want to switch to PVH mode², you will
need to get a kernel that is not compressed with zstd. Possibly
there are other kernels available for Fedora, or you could use
extract-vmlinux to decompress the packaged one.
Cheers,
Andy
¹ We don't have an installer for it, but it can be installed from
the Rescue VM, and at least two of you did that.
² I don't know of any reason not to use PVH mode.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
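
Added example, not part of the original message or BitFolk's tooling: a check that reads the x86 boot protocol header of a kernel image and reports how its payload is compressed, so a zstd or lz4 kernel can be spotted before rebooting a Xen PV guest. The function names and the sample image are constructed; run against a real kernel you would pass the bytes of the file under /boot.

```python
import struct

# Leading magic bytes of each compression format a kernel payload may use.
MAGICS = {
    b"\x1f\x8b\x08": "gzip",
    b"\xfd7zXZ\x00": "xz",
    b"BZh": "bzip2",
    b"\x5d\x00\x00\x00": "lzma",
    b"\x89LZ": "lzo",
    b"\x02!L\x18": "lz4",       # legacy lz4 frame
    b"\x28\xb5\x2f\xfd": "zstd",
}
PV_UNSUPPORTED = {"zstd", "lz4"}  # per the message above

def payload_compression(image: bytes) -> str:
    """Locate the compressed payload via the bzImage setup header and name it."""
    if image[0x202:0x206] != b"HdrS":
        raise ValueError("not an x86 bzImage (no HdrS signature)")
    version = struct.unpack_from("<H", image, 0x206)[0]
    if version < 0x0208:
        raise ValueError("boot protocol older than 2.08: no payload_offset field")
    setup_sects = image[0x1F1] or 4               # 0 means 4 in the boot protocol
    payload_offset, _length = struct.unpack_from("<II", image, 0x248)
    start = (setup_sects + 1) * 512 + payload_offset
    head = image[start:start + 8]
    for magic, name in MAGICS.items():
        if head.startswith(magic):
            return name
    return "unknown"

def blocks_xen_pv(image: bytes) -> bool:
    """True when the payload uses a compression the PV boot loader cannot read."""
    return payload_compression(image) in PV_UNSUPPORTED

def fake_bzimage(magic: bytes) -> bytes:
    """Constructed sample: header fields plus a payload magic, not a real kernel."""
    img = bytearray(1024 + 64)
    img[0x1F1] = 1                                # protected-mode code starts at 1024
    img[0x202:0x206] = b"HdrS"
    struct.pack_into("<H", img, 0x206, 0x020F)    # boot protocol version 2.15
    struct.pack_into("<II", img, 0x248, 16, 32)   # payload_offset, payload_length
    img[1040:1040 + len(magic)] = magic
    return bytes(img)

if __name__ == "__main__":
    for magic in (b"\x1f\x8b\x08", b"\x28\xb5\x2f\xfd", b"\x02!L\x18"):
        img = fake_bzimage(magic)
        print(payload_compression(img), "blocks PV boot:", blocks_xen_pv(img))
```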