BitFolk Users

users@mailman.bitfolk.com

1117 discussions

SPF, DKIM and DMARC (and TLS connections) will be mandatory for Gmail and Yahoo from February

by Gavin Westwood

I only found out a few days ago that Gmail and Yahoo (and possibly others) will require senders to have SPF, DKIM and DMARC records (as well as certain other criteria) from February 2024: https://postmarkapp.com/blog/2024-gmail-yahoo-email-requirements I'm currently setting this up for a couple of my domains (it's already working on a test sub-domain) to make sure I do it right, but thought that I should drop a mail here for anyone else who isn't already aware. Some useful links: https://support.google.com/a/answer/81126 https://senders.yahooinc.com/best-practices/ https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf (Postfix and DNS) https://www.linuxbabe.com/mail-server/create-dmarc-record https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_srs_a… Testing: https://www.mail-tester.com https://www.mail-tester.com/spf-dkim-check Emailing check-auth(a)verifier.port25.com from the domain you are testing. Thanks Gavin

11 months

Datacentre move - advance notice of short expected outage in December or January

by Andy Smith

Dear customers, == TL;DR - Our colo provider is moving out of Telehouse to another datacentre close by, and we are going to be moving with them. - It will mean one short (2h or less) outage for each of your VMs as our servers are physically moved on multiple dates (to be decided) in December and January. - Nothing about your service will change. IPs, specs, prices will all remain the same. Our colo provider will retain the same transit providers and will still peer at LINX. == Background Since we started in 2006 BitFolk has been hosted with the same colo provider in the same datacentre: Telehouse London. Telehouse have decided to not renew our colo provider's contract with them and so they will be moving almost all of their infrastructure to another datacentre; the nearby IP House. https://www.ip-house.co.uk/ Given that we have much less than a single rack of infrastructure ourselves, our options here are to either move with our current colo provider or find another colo provider. Staying exactly where we are is not an available option. In light of the good relationship we have had with our colo provider since 2006, we have decided to move with them. This must take place before the middle of January 2024. == Planning At this early stage only broad decisions have been made. The main reason I'm writing at this time is to give you as much notice as possible of the relatively short outage you will experience in December or January. As soon as more detailed plans are made I will communicate them to you. As soon as the infrastructure is available at IP House we plan to move some of our servers there - ones with no customer services on them. We will schedule the physical movements of our servers that have customers VMs on them across multiple dates in December and January. As IP House is only about 500 metres from Telehouse, we don't expect an outage of more than about 2 hours for each server that is moved. If you can not tolerate an outage like that, please open a support ticket by emailing support(a)bitfolk.com as soon as possible. We will do our best to schedule a live migration of your service from hardware in Telehouse to hardware in IP House, resulting in only a few seconds of unreachability. You can contact us about that now, or you can wait until the exact date of your move is communicated to you, but there are a limited number of customers we can do this for. So please only ask for this if it's really important to you. If it is, please ask for it as soon as you can to avoid disappointment. == Answers To Anticipated Questions === Will anything about my service change? No. It will be on the same hardware, with the same IP addresses and same specification for the same price. We're aware that we're well overdue for a hardware refresh and we hope to be tackling that as soon as the move is done. That will result in a higher specification for the same price. === Will the network connectivity change? No. Our colo provider will retain the same mix of transit providers that it currently does, and it will still peer at LINX. === When exactly will outages affect me? We have not yet planned exactly when we will move our servers. As soon as we do we'll contact all affected customers. We need to co-ordinate work with our colo provider who are also busy planning the movement of all of their infrastructure and other customers, and installing new infrastructure at IP House. We expect there to be several dates with one or more servers moving on each date. All customers on those servers wil experience a short outage, but in total we would expect only the one outage per VM. === Will I be able to change the date/time of my outage? No. As the whole server that your VM is on will be moving at the specified time, your options will be to either go with that or seek to have your service live migrated ahead of that date. Please contact support if you want one or more of your VMs to be live migrated. If you have multiple VMs on different servers it is possible that they will be affected at the same time, i.e. if the two servers that your VMs are on are both to be relocated in the same maintenance window. If that is undesirable, again one or all of your VMs will need to be live migrated to servers already present in IP House. === What is live migration? It's where we snapshot your running VM and its storage, ship the data across to a new host and resume execution again. It typically results in only a few seconds of unreachability, and probably TCP connections still stay alive. More information: https://tools.bitfolk.com/wiki/Suspend_and_restore == Thanks Thanks for your custom. Despite the upheaval I am looking forward to a new chapter in a new datacentre! Andy Smith Director BitFolk Ltd -- https://bitfolk.com/ -- No-nonsense VPS hosting

11 months, 1 week

icinga monitoring api?

by Conrad Wood

Hi, Is the icinga API[1] available on bitfolk? Specifically, looking for an API to 1. schedule downtime 2. temporarily disable notifications 3. retrieve list of current problems Conrad [1] https://icinga.com/docs/icinga-2/latest/doc/12-icinga2-api/

1 year

Re: Do not upgrade Debian 12 (bookworm) to the current point release yet

by Andy Smith

Hi Robin, A 12.4 point release with a fixed kernel was put out yesterday. The fixed package and version is linux-image-6.1.0-15-amd64 6.1.66-1. Thanks, Andy > Date: Tue, 12 Dec 2023 07:21:46 +0000 > From: Robin Phillips <robin(a)phillipsuk.org> > Do we know how long it's likely to be before this bug is resolved in Debian? -- https://bitfolk.com/ -- No-nonsense VPS hosting

1 year

Do not upgrade Debian 12 (bookworm) to the current point release yet

by Andy Smith

Hi, A bug sneaked into the upstream Linux kernel and was included in the latest Debian stable kernel release. As the point release to Debian 12.3 happened yesterday, if you upgrade to that kernel and boot into it you will be exposed to a data corruption bug in ext4. So do not install linux-image-6.1.0-14-amd64 version 6.1.64-1. Wait for 6.1.66-1 which contains the fix. https://micronews.debian.org/2023/1702150551.html Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

1 year

Docker on VPS

by Paul Tansom

Does anyone else use Docker on their VPS and if so what spec is it running on? I'm migrating to a new one to upgrade to 64bit and decided to try Docker. It has worked pretty well on my local servers, none massively powerful, but in spite of being told the overhead of multiple copies of things isn't much of an impact it seems I have obliterated the capability of my VPS barely half way through the process, with htop registering both swap and physical memory maxed out. I've migrated 8 WordPress sites and had to disable 3 to regain some level of stability (these using the official WordPress Docker image, which admittedly spins up Apache and MariaDB for each one). I've decommissioned 2 WordPress sites, but have 7 more to move (4 of those being in 2 multisite setups) as well as 3 phpBB, 3 Piwigo and a Roundcube, not to mention email and mailman. These are low traffic and experimental sites in many cases, but at the moment I'm debating between reverting to the old setup (possibly an issue as my phpBB sites are planned to migrate to Discourse which started the Docker idea), or moving the databases into a single container, and possibly the WordPress sites into a single Apache (which also part defeats the object of Docker I guess). I was expecting more load, but not this much. Part way through is not an ideal time, particularly when I'm still battling COVID two and a half weeks on from catching it (which isn't helping my thought processes!). Any thoughts from the collective wisdom here? Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001 ============================================================================= Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP

1 year

Investigating issues with host "macallan"

by Andy Smith

Hi, I'm currently investigating problems with host "macallan" which started having issues around 12:57 as far as I can see. I will keep you updated when I know more, Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

1 year, 1 month

Change default user

by Paul Tansom

I've just installed a new VPS using the ubuntu-jammy image, and with the new (likely not that new, but last VPS was pretty old) cloud-init install it creates a default user of ubuntu. I want to change that to something else, but haven't needed to do that before, so thought I'd check if there are any gotchas that will come back to bite me down the line. As far as I can tell the best way to do it is to use: usermod -l newusernam -m -d /home/newusername oldusername Clearly from a different account, and with this being a clean new install there shouldn't be anything in terms of cron files to mess with. There will be a group name to change too though. Is there anything else, or a better way to do this? -- Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001 ============================================================================= Registered in England | Company No: 4905028 | Registered Office: Ralls House, Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP

1 year, 1 month

Postfix/Dovecot relay

by Murray Crane

Hello all, Would any of you know if the following scenario is "doable"? We run an old Exchange 2010 infrastructure at my work, and there is no way they are going to spring for newer: getting them to go from 2003 to 2010 was an ordeal... Could I set up an Ubuntu Postfix "relay" server between Exchange and the Internet, that also permits one particular mailbox to be accessible from a Dovecot install on the same server (as well as relaying the mail for that mailbox to Exchange)? Yes/no and pointers most welcomed. Kind regards Murray Crane

1 year, 1 month

TLS encrypted traffic interception seems to have taken place in Germany

by Andy Smith

Hello, I was reading about this incident of alleged lawful intercept used on Hetzner and Linode in Germany in order to successfully MitM TLS-encrypted traffic for a period of months: https://notes.valdikss.org.ru/jabber.ru-mitm/ The link at the bottom on some ideas to detect and mitigate is also worth a read: https://www.devever.net/~hl/xmpp-incident I am still left wondering why the attacker did not use a block device and/or memory snapshot of the Linode VM in order to extract the real TLS key material and avoid having to issue new ones, which appeared in CT logs. At the moment my best guess is that perhaps the filesystem was protected by LUKS and the skills to extract key material from a memory dump, while existing, were in short supply. Meanwhile, the procedure to MitM network traffic through their own hardware on Hetzner and Linode is probably very well documented and tested, so maybe could be done straight away, and it was perhaps considered expedient to just risk the new certs being noticed. DNSSEC+CAA start to seem like very good ideas. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

1 year, 1 month

← Newer
1
2
3
4
5
6
7
8
...
112
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

BitFolk Users