Post AYKm8Mf8Y3B3LkvDs0 by cambridgeport90@social.platypush.tech
Post #AYHxHleZWBZ7UASqGG by blacklight@social.platypush.tech
2023-08-01T13:46:15Z
1 likes, 0 repeats
"Forget editing /etc/hosts!"

Right. Why would you edit a local file (or create a record on your own local DNS), generate your own self-signed certificate, and immediately get a website that can be tested on your own machine, on your own local network or on your own VPN, when you can pay someone $19 per device (macOS only) for something less powerful?

I understand that everybody needs to make money for a living, but this seems like the digital equivalent of bottling tap water and asking people to pay for it.

https://www.localcan.com/
Post #AYKm8Mf8Y3B3LkvDs0 by cambridgeport90@social.platypush.tech
2023-08-02T00:09:16Z
0 likes, 0 repeats
@blacklight I would love to host my own DNS through either ADDS or BIND on openSUSE, but I feel sort of stuck with Cloudflare because my ISP either blocks port 53 or charges me up the wazoo for business internet. I think you told me that the Netherlands ISPs don't give much of a dang as long as customers aren't spreading malware, right? What about Italy?
Post #AYKm8NWfL1zm1lxyIy by blacklight@social.platypush.tech
2023-08-02T06:24:29Z
0 likes, 0 repeats
@cambridgeport90 I haven't lived in Italy for too long to be up-to-date on ISP policies, but at least a decade ago mileage would vary. Providers like Telecom and Wind didn't have any constraints on public external ports - I used to host a bunch of services on an old Pentium 1 under my bed with a Telecom subscription from 2004 to 2014. But other ISPs like Fastweb were very problematic - basically all the clients in that case are connected to a big local network with internal IP addresses and limited NATting. I remember that back in the day accessing my ex's computer over SSH from the outside was only possible after I connected her to my VPN, and even calls with the customer service ended up with "sorry, your public IP is shared with a few thousand other customers and NAT is not possible".

The NL is much more liberal (at least the ISPs that I know of), but in my case I'm also stretching a bit what's possible with a home connection - the upload bandwidth is quite limited compared to DL, and I now periodically receive calls from Ziggo inviting me to upgrade to a business contract.
Post #AYKm8OL0JsGGXtWAlc by cambridgeport90@social.platypush.tech
2023-08-02T22:12:37Z
0 likes, 0 repeats
@blacklight You must be allowed to have port 25 open to host mail, right? Either that, or isn't the other port 587? Both are blocked over here, so I'm not able to put my mail on my home network. I might consider switching to something other than Office 365 if I end up with a unit in a datacenter again. That won't be for a bit, though.
Post #AYKm8P0TpfREcWvIPo by blacklight@social.platypush.tech
2023-08-02T22:21:51Z
0 likes, 0 repeats
@cambridgeport90@platypush.tech I currently have two mail servers:

1. The primary one is actually a ProtonMail bridge that is configured to manage most of my domains. Actually the ProtonMail bridge *is not* intended to be used on anything other than localhost, so I've modded it a bit by adding an SSH tunnel to its default port (1025) that listens only on my VPN interfaces. Since all of my devices and services internally listen to at least some of those VPN interfaces, emails are sent to the VPN address (e.g. 10.0.0.1:1025), so there's no need for NAT/exposing SMTP ports.

2. I also have another personal mail server on one of my Linode boxes. Installing Postfix/Dovecot etc. wasn't a big deal, but configuring all the DNS records to make sure that your emails are accepted by the most picky servers out there (Google, Microsoft etc.) was a bit of a pain in the ass. Anyway, after a bit of back and forth with Spamhaus and friends to get it whitelisted it works fine and it can deliver emails to all the domains. But, knowing the folks at Spamhaus, I don't think they would have been so keen to whitelist it if instead of running on a Linode IP (which they already consider a kind of gray area) it was running on a residential IP (which they usually consider totally a *black* area).

Even if in theory I could put my mail servers to listen directly on my residential IP, I wouldn't do it because emails from servers running on residential IPs are likely to be dropped by 90% of the other servers out there.
Post #AYKm8Pc3ZxUoV4VIzA by cambridgeport90@social.platypush.tech
2023-08-02T22:23:54Z
0 likes, 0 repeats
@blacklight That's actually pretty awesome. I never understood why just because an email server was running off of a residential IP, it's automatically blocked. That's rather unfair to the nerds. Nerds should be able to do whatever we want, because if a mail server is running, chances are, the person running it knows what they're doing.
Post #AYKm8QEhGIP8QuaADI by FourOh-LLC@pkteerium.xyz
2023-08-02T22:27:45.160223Z
0 likes, 0 repeats
I run fully RFC-compliant email servers off my domains, thanks to YunoHost. I too used to suffer the configs, but for the last few years I just manage the BIND records and YunoHost does the rest. Highly recommended.
Post #AYKnFr9ZgLGLtgIMPg by blacklight@social.platypush.tech
2023-08-02T22:37:57Z
0 likes, 0 repeats
@FourOh-LLC @cambridgeport90@platypush.tech I've personally found these two pages very helpful to manually configure the DNS records myself:

- https://mxtoolbox.com/domain
- https://internet.nl/

The latter in particular has been super helpful - it checks the compliance of your mail server even against the most stringent Dutch regulations (which are usually quite stringent), and besides all the right DKIM/DMARC/SPF records it also includes things like IPv6 accessibility, usage of latest ciphers etc. - all things that are usually "implicitly" required by other big servers but not explicitly documented.

However, even after getting everything right my mail domain ended up on the Spamhaus blacklist. Getting it removed wasn't a big deal, but it required me writing directly to them and asking "hey folks, I'm a well-intentioned human being and I think I know how to manage a mail server, can I please talk to the big guys now?"

Also, after doing that you need to make sure to harden your mail server (no anonymous connections, validation of the headers sent from other mail servers, expose port 25 only to server-to-server connections etc.). Otherwise one of the main crawlers that scans the Internet for open port 25 will start using your mail server for whatever nasty purposes, and then it gets harder to get removed from Spamhaus' bad guys list.

I see however the reason to reject email from residential IP addresses - especially dynamic ones, which are hard to track/blacklist in case of abuse. 15 years ago I remember that old vulnerable routers were a favourite target for malware that would then install their own mail servers and send all kind of crap.
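The SPF/DKIM/DMARC records discussed in the post above can be sanity-checked before the live domain is pointed at mxtoolbox or internet.nl. The following is an added example, not code from this thread, from internet.nl or from mxtoolbox: a small offline linter that parses the TXT record strings you intend to publish and flags the settings that most commonly cause rejection or leave a domain spoofable (`+all`/`?all`, a missing `all` term, more than 10 lookup terms, `p=none`, a missing `rua=`, a revoked or short DKIM key, `t=y`). The sample records are constructed for `example.com` and the DKIM key bodies are placeholder bytes of the right DER length, not real keys; the size threshold for "short RSA key" is a heuristic.

```python
"""Offline linter for the SPF, DKIM and DMARC TXT records of a mail domain.

Added example, not code from the thread. It only parses record strings; no
DNS queries are made, so run it on the values you are about to publish.
"""
import base64
import re

# SPF terms that cost a DNS lookup; RFC 7208 section 4.6.4 caps these at 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
_MODIFIER = re.compile(r"^[a-z][a-z0-9_.-]*=", re.IGNORECASE)


def lint_spf(record: str) -> list[str]:
    """Return findings for an SPF record; an empty list means nothing flagged."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        if _MODIFIER.match(term):                # name=value modifier
            if term.split("=", 1)[0].lower() == "redirect":
                lookups += 1
            continue
        qualifier = "+"                          # implicit "pass" qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanism = re.split(r"[:/]", term.lower(), maxsplit=1)[0]
        if mechanism == "all":
            all_qualifier = qualifier
        elif mechanism in SPF_LOOKUP_TERMS:
            lookups += 1
        if mechanism == "ptr":
            findings.append("ptr mechanism is deprecated and slow (RFC 7208 s5.5)")
    if all_qualifier is None:
        findings.append("no 'all' term: hosts not listed fall through as neutral")
    elif all_qualifier == "+":
        findings.append("'+all' lets any host on the Internet pass SPF for this domain")
    elif all_qualifier == "?":
        findings.append("'?all' is neutral: receivers treat it much like no SPF at all")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    return findings


def _tags(record: str) -> dict[str, str]:
    """Split a 'k=v; k=v' DKIM/DMARC record into a lower-cased tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_dkim(record: str) -> list[str]:
    """Findings for a DKIM key record (selector._domainkey.example.com)."""
    tags = _tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":        # v= is optional in DKIM
        return ["not a DKIM record (v= is present but not DKIM1)"]
    findings = []
    key = tags.get("p", "")
    if not key:
        findings.append("empty p= tag: key is revoked, signatures will not verify")
    elif tags.get("k", "rsa") == "rsa" and len(base64.b64decode(key)) < 200:
        # Heuristic: DER SubjectPublicKeyInfo is 162 bytes for RSA-1024 and
        # 294 bytes for RSA-2048, so under 200 bytes means at most 1024-bit.
        findings.append("RSA key shorter than 2048 bits; many receivers reject 1024")
    if "y" in tags.get("t", ""):
        findings.append("t=y testing flag set: receivers may ignore the signature")
    return findings


def lint_dmarc(record: str) -> list[str]:
    """Findings for a DMARC policy record (_dmarc.example.com)."""
    tags = _tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if not policy:
        findings.append("missing required p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if tags.get("sp", "").lower() == "none" and policy in ("quarantine", "reject"):
        findings.append("sp=none leaves every subdomain spoofable despite the p= policy")
    if "rua" not in tags:
        findings.append("no rua= address: you will never see aggregate reports")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only a fraction of mail")
    return findings


# Constructed sample records for example.com; DKIM key bodies are placeholders.
WEAK_SPF = "v=spf1 include:_spf.example.net a mx ptr +all"
GOOD_SPF = "v=spf1 ip4:192.0.2.10 ip6:2001:db8::25 -all"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com"
WEAK_DKIM = "v=DKIM1; k=rsa; t=y; p=" + base64.b64encode(b"\x30" * 162).decode()
GOOD_DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"\x30" * 294).decode()
```

Run `lint_spf(WEAK_SPF)`, `lint_dkim(WEAK_DKIM)` and `lint_dmarc(WEAK_DMARC)` on the constructed samples to see the findings; the "GOOD" records come back clean. The linter deliberately does not resolve `include:` targets, so the lookup count is a lower bound: nested includes can push a record over 10 even when the top-level record looks fine, which is exactly what the online checkers catch.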
Post #AYKnFs2APMvoczpxVQ by FourOh-LLC@pkteerium.xyz
2023-08-02T22:40:19.356000Z
0 likes, 0 repeats
This is my main domain, and there are a bunch of subdomains.

https://dnsviz.net/d/kane-il.us/dnssec/
Post #AYKnUuq2GQbFfYKwd6 by FourOh-LLC@pkteerium.xyz
2023-08-02T22:43:03.173585Z
0 likes, 0 repeats
When I send you an email from one of the standard aliases like postmaster, even Google passes all checks.

There is bleeding edge, then there is the upstream. YunoHost is not fully RFC-compatible, it still depends on the upstream. So, it creates sufficiently compatible service stacks.
Post #AYKnZK1UZMyYw8nRtA by FourOh-LLC@pkteerium.xyz
2023-08-02T22:43:43.099675Z
0 likes, 0 repeats
When I send you an email from one of the standard aliases like postmaster, even Google passes all checks.

There is bleeding edge, then there is the upstream. YunoHost is not fully RFC-compliant, it still depends on the upstream. So, it creates sufficiently compatible service stacks.
Post #AYKo8MvblCQa59kvuC by FourOh-LLC@pkteerium.xyz
2023-08-02T22:50:11.816435Z
0 likes, 0 repeats
Soon I will be upgrading to Debian 12, and to BIND 9.18. kane-il.us is served from Debian 11 and BIND 9.16, and finally with 9.18 there is now support for DoT and DoH.

Linode is still the best host I am aware of, because it allows changing the rDNS for both IPv6 and IPv4. Also because it provides an IPv6 block. The combination of these allows for reliable email hosting.

I wish I had alternatives to Linode, YunoHost. This is a one-trick pony, only recommended for personal use.
Post #AYKoDy1zEwiAbQPQWW by cambridgeport90@social.platypush.tech
2023-08-02T22:39:57Z
1 likes, 0 repeats
@blacklight @FourOh-LLC Ah. I remember some of those; not only router-based malware, but a few cleverly constructed worms also had their own mail servers, if not mail transfer agents. Axam is one that comes to the top of my head.