Hi all,
I am trying (and so far failing miserably) to set my VPS up to handle
mail. It only has to forward mail for about 5 domains.
google is rejecting everything, and I don't understand why.
According to this page https://support.google.com/a/answer/81126 I must
authenticate with EITHER spf or DKIM.
According to https://easydmarc.com/tools/spf-lookup?domain=ianhobson.com
the spf is set up correctly, and it has been for well over the TTL of 1
hour.
However when I send hobson42(a)gmail.com a message, from
ian(a)ianhobson.com, I get the following log entries...
2025-02-22T12:14:14.865917+00:00 ianhobson postfix/cleanup[4869]:
D306590480: message-id=<20250222121414.D306590480(a)ianhobson.com>
2025-02-22T12:14:14.868393+00:00 ianhobson postfix/qmgr[4763]:
D306590480: from=<>, size=3366, nrcpt=1 (queue active)
2025-02-22T12:14:14.870663+00:00 ianhobson postfix/bounce[4872]:
533129047F: sender non-delivery notification: D306590480
2025-02-22T12:14:14.870988+00:00 ianhobson postfix/qmgr[4763]:
533129047F: removed
2025-02-22T12:14:15.257167+00:00 ianhobson postfix/smtp[4871]:
D306590480: to=<hobson42(a)gmail.com>, orig_to=<ian(a)ianhobson.com>,
relay=gmail-smtp-in.l.google.com[64.233.184.27]:25, delay=0.39,
delays=0/0/0.08/0.3, dsn=5.7.26, status=bounced (host
gmail-smtp-in.l.google.com[64.233.184.27] said: 550-5.7.26 Your email
has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail
requires all senders to authenticate with either SPF or DKIM. 550-5.7.26
550-5.7.26 Authentication results: 550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [] with ip: [85.119.82.117] = did not pass 550-5.7.26
550-5.7.26 For instructions on setting up authentication, go to 550
5.7.26 https://support.google.com/mail/answer/81126#authentication
ffacd0b85a97d-38f25a3ee76si17083121f8f.811 - gsmtp (in reply to end of
DATA command))
2025-02-22T12:14:15.259036+00:00 ianhobson postfix/qmgr[4763]:
D306590480: removed
If I read this correctly, spf authentication failed.
The spf entry is TXT, NAME=@ DATA="v=spf1 ~all" no quotes.
Anyone got any idea what might be happening?
Regards
Ian
--
Ian Hobson
Tel (+66) 626 544 695
Hi,
Stripe have been in touch to let us know that they plan to automatically
convert us to their "Adaptive Pricing" plan from 18 March.
https://support.stripe.com/questions/adaptive-pricing
From what I can tell this means they will guess what your local currency
is and charge you in that rather than GBP, and you will pay (them) 4%
extra for that.
The FAQ page above does say that it will be optional at the point of
sale:
Example:
If the mid-market exchange rate is $1 = €1, and a US merchant sells
a $100 item to a German customer, the exchange rate applied will
include a 4% conversion fee ($1 = €1.04). In this case, the customer
will be presented with the option to pay $100 or €104. Regardless of
the customer’s currency selection, the merchant will receive $100.
(€104 / 1.04), less applicable Stripe processing fees.
I do not yet know how that interacts with the majority of our payments,
which are automated and you give consent for at the time that the card
is added. Perhaps they will ask at that point, or perhaps this will not
be applied to such charges. I have to check into that more.
But what are your thoughts?
I feel like 4% is a bad deal for almost everyone, in that almost
everyone who cares about what non-local payments cost them is able to
get a card that charges them less than 4% — and in many cases nothing
extra.
However, perhaps there are people with a worse deal.
The option is apparently presented to the buyer, but I still don't like
that it's opt out for the buyer also.
We can opt out but then no one gets the choice.
I worry that those who don't care will not feel anything while those
who do care will be disappointed that the bad deal has to be opted out
of and may even feel like this is some sort of scam, thinking that
BitFolk would get the 4%. If that is the case this would be lose/lose
for us and we should opt out.
What are your thoughts?
Is there actually anyone who ends up paying 4% or more to pay in GBP on
their card?
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
A customer running multiple Ubuntu 24.04 VPSes has reported problems
with a recent grub package update which gives this error:
grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
and then fails to complete the update, leaving dpkg in an unhappy state.
This is the first report we have seen of this. I am about to try to
replicate it. Is anyone else experiencing it?
I have a working theory that grub has become more strict and when it is
instal;led on a disk with a GPT (rather than a legacy MBR) it wants to
see an actual partition of code type EF02 "BIOS boot partition" rather
than simply the 4MiB of empty space we have been leaving at the start of
your xvda disk.
If that theory is correct then:
- It may be tricky to fix for existing VPSes
- It's an unfortunate change to introduce during an LTS release (i.e.
this worked when 24.04 was released)
But for now if you are affected I would just like you to get in touch
with me off-list.
While this is irritating and possibly awkward to fix, I don't think it
will end up as a critical issue as we don't actually need grub installed
to boot your VPS, only a grub.cfg that looks correct. It's just that the
easiest way to get that is to properly install grub.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
It was pointed out to us that the HTTPS checks on our monitoring system
were only checking for a valid TLS certificate, not for a success code
from the URL. e.g. serving a completely secure 503 error page would
result in an "OK" check result.
This morning at around 09:55 we fixed that so that the HTTPS checks are
really checking the status code of the URL supplied. This has caused a
few new alerts to start being sent to people.
By fixing that, TLS certificate validity is now NOT being checked. We
will shortly add an additional check for this. You don't have to do
anything.
HTTPS and many other checks through our monitoring system are available
free upon request.
https://tools.bitfolk.com/wiki/Monitoring
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
At approximately 00:03Z we start receiving alerts of various services
not responding and it was determined that host talisker was having some
problems with its storage.
There were lots of errors being spewed into the kernel log from the SAS
controller's driver mostly of a timeout variety, and none of the drives
attached to it were responding. A number of its MD RAID arrays fell
apart as a result and IO errors would have been seen inside your virtual
machines.
I did try a few things around resetting the controller but nothing
worked so at around 00:35 I had to forcibly kill all running VPSes and
reboot the host, which happened at about 00:29.
The host talisker booted without incident and all its RAID arrays synced
up. By around 00:39 all customer VPSes should have booted, and all those
we have monitoring for did show as up by then.
Due to abruptly losing access to storage, some data in memory will have
been lost, but hopefully apps are aware of that. I do not think any
reads or writes were corrupted so I don't think there should be any
filesystem corruption. If you are seeing any problems and your VPS is
actually on talisker than you should first have a look at your Xen
Shell consoles.
Apologies for the disruption. We will keep an eye on talisker to gain
some assurance that this was a one-off event.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
We recently received a support ticket from an existing customer noting
that they had only just noticed that they had some swap space already
provided.
They suggested that the fact that 1GiB of swap space is included should
be mentioned in the bulleted list at the top of:
https://bitfolk.com/plans.html
(though not necessarily as a bullet point all on its own)
I am a bit unsure because my instinct is that no one really cares about
swap and it's too specific a detail to go into.
What do you think?
When you made an order what were your expectations around swap?
1. Expected some to be provided
2. Didn't expect any swap and intended to add your own swap file
3. Didn't think about it at all
4. Something else?
I will probably add a note to the "your service is ready" email about
there being some swap, just so people know (if they read it, which I
know many do not). Just not sure whether worth mentioning on that page.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
The other day I saw one of BitFolk's IP addresses in a log file and
wondered which host that was, so I did a reverse lookup and got:
2001-ba8-1f1-f284-0-0-0-2.autov6rev.bitfolk.space
which was useless to me.
It's quick to look this up and fix it of course, but I wondered how many
other such addresses I had forgotten to take care of the reverse DNS
for.
In order to answer that question, automatically and in bulk, I wrote
this tool:
https://github.com/grifferz/ptrcheck-rs
The answer, for bitfolk.com, was 1 A record and 4 AAAA records.
I ran it against every customer domain on BitFolk's secondary service
and found that 20.1% of customers domains contain host records with no
PTR.
When I added:
--badre 'autov6rev'
to catch unset BitFolk IPv6 reverse DNS, that percentage went up to
26.5% of customer zones. This is not a shaming. 😀 All but one of my own
zones had at least one broken/missing PTR.
I will make a few more improvements and then turn it into a Nagios check
plugin available on request.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
It seems that since about 0500Z today the Debian mirror CDN at
deb.debian.org has been rejecting requests from our apt-cacher with a
message like:
E: Failed to fetch http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian/dists/bullse… 421 Misdirected Request [IP: 2001:ba8:1f1:f079::2 80]
I am looking into this. I don't know what is wrong yet. If you are
urently needing to uodate or install new packages just disable use of
BitFolk;s apt0cacher by removing "apt-cacher.lon.bitfolk.com/debian/"
from every line of your sources.list file(s).
I suspect some unfortunate interaction between Debian CDN (Fastly?) and
apt-cacher, as other mirrors are still working fine through our
apt-cacher.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Something that I have noticed on my bitfolk box but not other Debian machines.
I am running Debian 12.7
When I go "sudo -s" it shows a new login on a different pts.
I logged in via ssh at 16.14 and then went: sudo -s
If I run "w" I now appear to be logged in twice (1.52 is the current time):
addw pts/0 2001:4d48:ad51:2 16:14 40.00s 0.02s 0.01s sudo -s
addw pts/1 2001:4d48:ad51:2 01:52 3.00s 0.00s 0.01s sudo -s
So I am now on a different tty and the old one shows idle time.
I get similar results if I run "who".
ps shows interesting results:
# ps -f
UID PID PPID C STIME TTY TIME CMD
root 28669 28644 0 01:52 pts/1 00:00:00 sudo -s
root 28670 28669 0 01:52 pts/1 00:00:00 /bin/bash
root 28979 28670 0 01:59 pts/1 00:00:00 ps -f
# ps -fp28644
UID PID PPID C STIME TTY TIME CMD
root 28644 1819 0 01:51 pts/0 00:00:00 sudo -s
What is happening ?
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
