I seem to recall some discussion about Mastodon on here a while ago. I'd
appreciate guidance about using a Bitfolk VPS for a multi-user Mastodon
instance.
Specifically, I'm trying to get an idea of how much RAM and storage we'd
need for say, 50 or 100 users.
Robin
--
Military history author <https://russellphillips.uk/> : Mastodon
<https://historians.social/@RPBook>
Did this email go to spam? <https://phillipsuk.org/whitelist.html>
Hi,
As you may be aware, the latest stable release Debian 12 bookworm
was released on 10 June.
It is available for new orders and you can of course upgrade your
existing Debian VMs to this release, but we haven't yet updated the
web site to reflect this nor the Xen Shell to allow a clean
self-install. That will happen in the next couple of days.
A reminder though, that in this new release udev has learned about
Xen network interfaces and therefore will rename your eth0 to enX0.
This was previously discussed here:
https://mailman.bitfolk.com/mailman/hyperkitty/list/users@mailman.bitfolk.c…
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
Debian 12 "bookworm" which was released on 10 June 2023 is now
available for self-install from our Xen Shell:
https://tools.bitfolk.com/wiki/Using_the_self-serve_net_installer
The command:
xen shell> install debian_testing
also now leaves you with an install of testing, but aside from the
code names in /etc/apt.sources.list that is currently pretty much
exactly the same as bookworm.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
After a minor incident of some phishing emails being sent purporting
to be from bitfolk.com, on 3 June I tightened the SPF record of
bitfolk.com from ~all to -all. This basically says that ONLY the
hosts listed in the SPF record are permitted to use a bitfolk.com
envelope sender on email, and that any other host trying to do so
should be rejected.
I have since noticed that some customers are using traditional
server-side forwarding, e.g. on role addresses, to send BitFolk
emails to a group of people, and some of those recipients are doing
as asked and rejecting the email. More are probably silently
discarding or filing the mails away in spam/junk folders.
This happens because when your mail server forwards an email from
e.g. billing(a)bitfolk.com through role(a)yourdomain.co.uk and out to
joe.bloggs(a)example.com, your mail server is pretending to be
billing(a)bitfolk.com. Since you do not match bitfolk.com's SPF
record, the mail server for example.com rejects the email (unless
configured otherwise).
Unfortunately we can't go back on this configuration. It's just the
way that email works in the 21st century. Server-side forwarding of
email in this way is not something that can be expected to work any
more, unless you control both the recipient address and every
address it expands out to.
So what can you do if you currently do forwarding of addresses like
this?
- The generic answer is Snder Rewriting Scheme:
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
- A more limited answer is to run a real mailing list of some sort,
so that, for example, billing(a)yourdomain.co.uk goes through a real
mailing list manager like majordomo or Mailman, is rewritten and
sent out to the people who should receive it.
- If you control or have strong influence on all recipients, you can
configure them to allowlist particular senders.
- You can set up real mailboxes for your role accounts and have
interested parties download the email by IMAP or POP.
I'm sorry that this change has broken some previously-working
forwarding setups. It isn't something we can revert though (and
indeed, it will have to get stricter, with additional DKIM and DMARC
to come).
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi all,
I need some information/help to solve a problem. I backup my VM daily
using rsync, and I have been meaning to test the restore process, but
life got in the way. Until this week.
Bottom line, restore appears to set all the files correctly, I re-setup
grub, but restored machine will not boot.
What I am doing. I use a keyfile to ssh into the VM as root, and run the
following to take the backup.
#!/bin/bash
rsync -aAXv \
--delete-during \
--exclude=/swapfile \
--exclude=/dev \
--exclude=/lost+found \
--exclude=/media \
--exclude=/mnt \
--exclude=/proc \
--exclude=/run \
--exclude=/tmp \
--exclude=/var/log \
--exclude=/home/*/.cache \
--exclude=/sys \
--exclude=/var/lib/lxcfs \
root@ianhobson.co.uk:/* /home/ian/BackupFiles/hobson42
For the restore, I manually:
1) Created a proxmox VM to restore to.
2) Install the same version of the O/S (Ubuntu 20.04.06) as the live VPS.
3) Set up passwordless access for root, from the backup machine into the
restore machine.
4) Run the following as root
rsync -aAXv \
--exclude=/home/ian/BackupFiles/hobson42/etc/hostname \
--exclude=/home/ian/BackupFiles/hobson42/etc/hosts \
--exclude=/home/ian/BackupFiles/hobson42/etc/netplan/* \
--exclude=/home/ian/BackupFiles/hobson42/boot/*
--exclude=/home/ian/BackupFiles/hobson42/boot/grub/*
/home/ian/BackupFiles/hobson42/* root@europa.hcs:/
The excludes are to stop the IP, and hostname being changed.
5) I then run the following as root on restored machine.
grub-mkconfig > /boot/grub/grub.cfg
6) Tried to log in. Saw all users (restore has gui)
but logging in produced a quick error popup, which was so
fast I could not read a word. Then got the usernames again.
7) SSHed in OK, and checked the files - they seem OK.
8) Reboot. This shows the grub menu, but when I select ubuntu
I get a black screen - and nothing further.
I have tried omitting the excludes of boot - same result.
Thoughts:
Restore is to VM under proxmox and not xen. Significant?
Do I need to edit something in /etc/grub.d?
Have I missed something blindingly obvious?
Ideas very welcome. A backup that I can't restore is about as useful as
a chocolate tea pot!
Regards
Ian
--
Ian Hobson
Tel (+66) 626 544 695
Hey all,
I've been self-hosting an ancient mailman 2.x service for many years for
the residents' association where I live, and it's time to move on. Apart
from anything else, I dread to think what security holes may still exist.
But we're experiencing issues with SPF failures causing bounces and
eventual unsubscribes, which I'm not even sure mailman 3.x handles any
better than 2.x.
So I'm looking for recommendations on a way forward, and figured this list
is full of knowledgeable sorts who probably have experience with various
options. I should mention that these lists are used for discussion, not
just for broadcasting one-way announcements.
mailman 3.x seems to be substantially more complex than 2.x, but I don't
see that as an issue, because I've decided to move away from self-hosting
since I just don't have time to become a mailman expert. Moving to SaaS
would also increase the service's bus factor above 1, and provide some
added security through isolation from other services currently on the same
machine.
I'm loathe to move to Google Groups since some of our residents are very
anti-Google, and I expect their support will be awful if ever needed. It's
also a closed source dead end. I'd prefer to pick a SaaS offering based on
Free/Open Source, to support continued development of that. I'm inclined
to go with a mailman 3 SaaS offering, and the following two both look very
promising because they're decently priced, can migrate my existing 2.x
lists, and can host on London servers:
https://www.mailmanhost.com/https://www.mailmanlists.net/
There's also https://mailman3.com/ which can host in the EU, but I'm not
sure if they offer migration.
Does anyone have any experience with any of these, or have recommendations
of good alternatives to mailman (preferably with options to migrate
existing mailman lists)?
Thanks a lot!
Adam
For many years I've run a poor-man's mailing list through /etc/aliases
on my VPS. Before you start breaking out the flaming torches and
pitchforks, it's very limited in scope; it forwards only within my
immediate household, albeit to mailboxes hosted by gmail and hotmail.
I've just learned that some mails to this alias are being quarantined or
bounced at their ultimate destinations. They're passing SPF (because
envelope-from is postmaster@ my vps) but failing DMARC (the external
From address isn't being rewritten). When the sender has full DMARC
enabled, we lose.
Drat.
My VPS is running Debian with exim4.
I think I might like to rewrite "From: foo(a)bar.baz" to something like
"From: postmaster+foo_bar.baz(a)my.domain" in order to satisfy DMARC, but
only when forwarding via this particular alias. I'm not readily figuring
out how to do this, and am leery to tangle with Exim's rewrite rules anyway.
Would anybody care to venture whether this is possible? a good/bad idea?
alternative solutions? I am looking for a least hassle, least
maintenance answer, ideally at little or no additional cost (hence
/etc/aliases has served well for a long time). On a unicorn, naturally :-)
(No I don't run mailman - I used to but I found it rather tiresome to
set up, feed and water.)
Thanks
Ross
I have an old Ubuntu 16.04 install that is beginning to give me a tonne of
grief with apt.
It has now happily upgraded (well) past kernel 4.4.0-210, but it's refusing
to go further because it can't remove -210 any more:
# apt remove --purge linux-modules-extra-4.4.0-210-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED
linux-headers-4.4.0-210-generic linux-modules-4.4.0-210-generic
linux-modules-extra-4.4.0-210-generic
0 to upgrade, 0 to newly install, 3 to remove and 18 not to upgrade.
3 not fully installed or removed.
After this operation, 225 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 149323 files and directories currently installed.)
Removing linux-headers-4.4.0-210-generic (4.4.0-210.242) ...
dpkg: error processing package linux-headers-4.4.0-210-generic (--remove):
unable to securely remove
'/usr/src/linux-headers-4.4.0-210-generic/include/config/generic/isa/dma.h':
Not a directory
Removing linux-modules-4.4.0-210-generic (4.4.0-210.242) ...
dpkg: error processing package linux-modules-4.4.0-210-generic (--remove):
unable to securely remove
'/lib/modules/4.4.0-210-generic/kernel/fs/nfs/nfsv4.ko': Not a directory
Removing linux-modules-extra-4.4.0-210-generic (4.4.0-210.242) ...
dpkg: error processing package linux-modules-extra-4.4.0-210-generic
(--remove):
unable to securely remove
'/lib/modules/4.4.0-210-generic/kernel/fs/nfs/blocklayout': Not a directory
Errors were encountered while processing:
linux-headers-4.4.0-210-generic
linux-modules-4.4.0-210-generic
linux-modules-extra-4.4.0-210-generic
E: Sub-process /usr/bin/dpkg returned an error code (1)
apt upgrades are failing as a result of this. I've been slowly reinstating
files (using touch), but is there a way to *genuinely force* apt to
remove/purge when it gets into a state like this?
Kind regards
Murray Crane
