technological self-sufficiency

12 years ago
asemisldkfj
the law is no protection
redundant thread title, I know. I wanted to make it clear this isn't about like living in a tent and growing your own food or something though.

ideally I would like to personally administer all of my internet services on my own internet connection. I'm sacrificing that last bit and using Slicehost for now because I have a shitty ISP, but once I'm back on Speakeasy I'll put all my services on that connection.

there are only two main services that I'm concerned with right now. email and jabber. web server too, but that is pretty trivial to set up and I already have it running on my 256slice.

email
postfix as the mail server. gatzby suggested dovecot for an IMAP server. I'm not going to bother setting up a webmail interface. I can get stuff via IMAP on my phone and home computer or via ssh/PuTTY on my flash drive anywhere else.

jabber
I'm using prosody as a server and it's been really easy to set up. I'm still tweaking this configuration, but it's mostly working.

I forget why I even made this thread. I guess now this is where I will post about progress on becoming technologically self-sufficient.
12 years ago
bluet
Dovecot is good.
12 years ago
Carpetsmoker
Martin
Here's what I use, I now have two servers, one in datacenter, and one at home for redundancy.

FreeBSD as OS
MaraDNS for authoritative DNS for my domains
OpenNTP to keep the time
Postfix for MTA
policyd weight & TMDA for anti-spam
Dovecot for IMAP
lighttpd for webpages
MySQL for database powered webpages
12 years ago
lucas
i ❤ demo
asemi: i thought you ditched slicehost
12 years ago
asemisldkfj
the law is no protection
I did, but now I'm back! I felt too restricted only having an account on gatzby's VPS, I have no idea when I'll have Speakeasy again (never mind the money for it), and I make a little more money now, so I decided to invest in Slicehost again.
12 years ago
asemisldkfj
the law is no protection
finished my email server. postfix/dovecot. working well so far. using ssl for imap and tls for smtp, with a self-signed certificate.

going to set up jabber to use the certificate now!
12 years ago
asemisldkfj
the law is no protection
yay, jabber is up!

my first name @ planetsareplaces.com
12 years ago
Carpetsmoker
Martin
Which jabber server are you using? I looked at hosting my own jabber server but the jabberd config was in XML, which is just plain brainfucked stupid IMO ... Never really looked beyond that ...
12 years ago
asemisldkfj
the law is no protection
I'm using prosody and it's been great. the config is in Lua but it's very straightforward. I mentioned this in the original post too :).

this page was really helpful in generating certificates for Postfix, Dovecot, and Prosody to use: https://help.ubuntu.com/9.04/serverguide/C/ce … urity.html
12 years ago
andre
From what I hear ejabberd is the most awesome jabber server... Although it might be overkill for a simple setup.
12 years ago
asemisldkfj
the law is no protection
if it makes a difference to anyone, Prosody also has an MIT/X11 license (ejabberd is GPL) :).
12 years ago
asemisldkfj
the law is no protection
woops, double post.
12 years ago
Carpetsmoker
Martin
> I'm using prosody and it's been great. the config is in Lua but it's very straightforward.
> I mentioned this in the original post too :).

Oops, sorry. So you did, didn't notice that.
12 years ago
asemisldkfj
the law is no protection
what do people do for backing up configuration files? I know version control is an option, so I'm thinking about doing that.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
Wish I could find a cheap datacenter host for a 4u HP server I have.
12 years ago
bluet
> what do people do for backing up configuration files?

I put them in a Mercurial repository.
12 years ago
phi_
... and let the Earth be silent after ye.
SCSI tape backup! :D
12 years ago
ozntz
toooooooooooooooooooooooooooooooooo
Do you guys use Jabber at work for internal communication?
12 years ago
asemisldkfj
the law is no protection
nope. we just use email. it sucks.
 
12 years ago
dbrown
yes
 
12 years ago
arun
keep smiling !
ozntz: We use http://www.igniterealtime.org/projects/openfire/ at work.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
bluet look at cfengine.
12 years ago
asemisldkfj
the law is no protection
I just typed this up today because I felt like it. kind of a status report.

CURRENT
slicehost
    externally accessible
        email
        jabber
        version control
        web site
razor
    externally accessible
        ssh tunnel
    internal only
        web development
local
    internal only
        backup
    
IDEAL
server @ home
    externally accessible
        email
        jabber
        ssh tunnel
        web site
    internal only
        backup
        version control
        web development
        
SERVICES LIST
backup
email
jabber
ssh tunnel
version control
web site
web development


I still haven't ditched Gmail for a couple of reasons:

1. contact storage (this also syncs with my phone)
2. reliability (I am still not 100% confident in my mail server configuration, etc.)
3. ease of access (can't really beat a web interface)

things needed before I ditch Gmail:

1. phone syncing with other contact source; might be possible with Android 2.0
2. more experience setting up/troubleshooting email, more heavy usage to test my setup, better backup and recovery plan
3. perhaps a web interface, or just setting up mutt on my router or on the email server itself so that I can use it via ssh

I would also like to ditch Google Calendar, even though I don't even use it that much. I could probably use a text file as a calendar and be happy. I think those are the only two services I still rely on that I do not provide myself. unless you count photo hosting. I am working on that though. I want to code a small piece of photo album software that will also allow me to optionally send Twitter or Facebook status updates with a link to the photo page. I have been thinking about this for a few days but haven't had time to get started yet. perhaps this weekend!
12 years ago
asemisldkfj
the law is no protection
oh, and I haven't signed into Gmail's Jabber in probably a month :). the only complaint I have with Prosody is that I would like to do server-side logging of conversations, and I don't think that it supports that.
12 years ago
asemisldkfj
the law is no protection
next on my agenda: actually set up version control and back up all configuration files from laptop, router, and server. some of this will be redundant, because I'm backing up my server and my laptop locally (through Slicehost's backup service and Time Machine with an external drive, respectively), but having backups of configuration files on my router will be pretty crucial (pf.conf mostly).
12 years ago
asemisldkfj
the law is no protection
I think I am going to write a long blog post/essay about this. I am back in this thread to jump-start my brain.
12 years ago
asemisldkfj
the law is no protection
aw shit, just got my first spam on my planetsareplaces email.
12 years ago
DaGr8Gatzby
Drunk by Myself
Ah shit indeedy ..... whatcha gonna do about it?
12 years ago
phi_
... and let the Earth be silent after ye.
I'm really attracted to this idea. And I'm wanting you to go further with this and see how it works for you...
12 years ago
asemisldkfj
the law is no protection
I'm working on it :).
12 years ago
asemisldkfj
the law is no protection
wasted my day setting up an openldap server before figuring out that Address Book only does remote queries of ldap directories and doesn't actually sync the data. plus it won't list all contacts, you HAVE to search for one.

same limitation on the iphone.

argh. I want a contacts server!!
12 years ago
asemisldkfj
the law is no protection
this whole venture is making me want to kill myself. being paranoid and obsessive about where all your data is living is quite torturous. I think it's time to top the downgrading thread again.
 
12 years ago
History500
I AM the walrus!
I've used openfire for jabber before, it's a nice software.
12 years ago
asemisldkfj
the law is no protection
I've messed around with openfire at work a bit and one thing I've found is that the documentation absolutely blows.
12 years ago
asemisldkfj
the law is no protection
just set up davical on ubuntu 9.10. it is talking to evolution.
12 years ago
asemisldkfj
the law is no protection
now I need to get ssl working with caldav.
12 years ago
Chiken
Don't Let Your Walls Down
i just set up my centOS machine to act as a webserver. now i just need to get it to use ssl.
12 years ago
maple
i like large datasets
what web server are you using chicken?
12 years ago
Chiken
Don't Let Your Walls Down
im just using apache. setting up a mail server right now.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
hrmm tempted to roll together something into an openwrt image. imagine... p2p social networking via openwrt images. painless setup / integration. All data kept local. No privacy issues.
12 years ago
Chiken
Don't Let Your Walls Down
hmm don't think the mail server is gonna work since im using a dynamic dns service.
 
12 years ago
dbrown
chicken: do you want some space on my slice?
12 years ago
Chiken
Don't Let Your Walls Down
mmm maybe, ive been doing a bunch of reading today and i think i figured out a way to get it to work with my less than ideal situation. from what i can tell my mx record isn't sticking in the dynamic dns setup, so im gonna try a ddclient and see if that helps. i finally got outgoing mail working by relaying it through my isp.
 
12 years ago
dbrown
fair enough, just email me if you change your mind. [my username]29@gmail.com
12 years ago
asemisldkfj
the law is no protection
it's a bummer how hard it is to do a lot of this stuff with a residential connection. I want to invest in a business hookup at my house someday so I can get rid of my slice and do everything on openbsd.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
Wish ISPs weren't corrupt failing edifices to a broken society.
12 years ago
Chiken
Don't Let Your Walls Down
i dont think i can put into words how excited ill be the day i can get an adequate hookup to host everything i want without the isp making me jump through hoops.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
Chiken on that day you and I will toast with crystal goblets and throw our wanton waste into our mahogany lined fireplaces. Then we will don our baby seal skin socks and spotted leopard moccasins and go out for a drive in our 8 wheeler suv with platinum hippie plow.
12 years ago
Chiken
Don't Let Your Walls Down
im kind of perplexed by this and im starting to think my isp has port 25 blocked inbound as well or else ive got a really stupid configuration error.

performing the telnet test using the domain and port 25 works (returns my outside IP, not 127.0.0.1), but when i do mx tests like the one found here: http://www.wormly.com/test_smtp_server i get timeouts.

firewall is configured properly on both my server and router so i mean it just really leaves the isp in my mind which is really gay.
12 years ago
Carpetsmoker
Martin
What is your IP?
12 years ago
Chiken
Don't Let Your Walls Down
96.31.101.192
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
A lot of ISPs do block smtp to avoid people configuring relays which end up being spam targets.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
Tried to telnet from a shell box.

Timeout.

You are probably firewalled.
12 years ago
asemisldkfj
the law is no protection
try running smtpd on port 587.
12 years ago
Chiken
Don't Let Your Walls Down
ill give that a shot
12 years ago
Chiken
Don't Let Your Walls Down
did not change anything. would probably work if i had a public server that wasn't blocked on port 25 and relayed everything through it on port 587.

ill just keep this one in my back pocket for now. i think im gonna move on to vpns.
12 years ago
DaGr8Gatzby
Drunk by Myself
% nmap -P0 -p 25 96.31.101.192

Starting Nmap 5.00 ( http://nmap.org ) at 2010-05-13 14:50 CDT
Interesting ports on sub-96-31-101-192.tctwest.net (96.31.101.192):
PORT STATE SERVICE
25/tcp filtered smtp

Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds
12 years ago
Chiken
Don't Let Your Walls Down
ill have to remember the nmap command for the future.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
-sS > -P0 imho but -sV is where it's at =P
 
12 years ago
dbrown
that might be my favorite post.
12 years ago
Chiken
Don't Let Your Walls Down
wow i'm an idiot. so im setting up a bridged openvpn server and i thought i had it all set up and i got to test it at a local coffee shop. wont work. not only that but ssh doesn't work, ftp doesn't work, nor does http work. i'm like wtf, this was all working yesterday.

so i slept on it last night, get up this morning and realize theres no default gateway in the routing table, so anything coming in to the server has no way of getting back. *smacks head*
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
yeah that'll get yah every time.
12 years ago
Carpetsmoker
Martin
Consider it a learning moment.
12 years ago
Chiken
Don't Let Your Walls Down
jinzora is up and running! now i just need to get my 2 TB raid set up so that i can host all my music on this machine.
12 years ago
asemisldkfj
the law is no protection
so I spent a lot of time today trying to figure out why my emails sent from mutt from my gmail address (through gmail's smtp servers) to a test yahoo account were ending up in the spam folder. if I sent email from mail.app or the gmail web interface they went to the yahoo inbox.

I figured out that it's the X-mailer and User-agent headers. I guess yahoo doesn't like mutt, because when I spoofed a thunderbird User-agent it went to the inbox. so stupid.
12 years ago
asemisldkfj
the law is no protection
set up spf earlier and dkim just now. waiting for dkim dns record to propagate…
12 years ago
asemisldkfj
the law is no protection
spf, dkim, and domainkeys are all set up. yahoo still puts emails from my domain in spam.
12 years ago
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
dns is crap. let's just get rid of it entirely.
12 years ago
Chiken
Don't Let Your Walls Down
i agree! lets just use ip addresses!
12 years ago
asemisldkfj
the law is no protection
it's kind of neat that all these email things use dns txt records, but we need some dnssec.

looking at email headers I am surprised by how many email providers don't do spf or dkim.
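
Added example, not from any poster in this thread: when reading headers as described above, the SPF, DKIM and DomainKeys verdicts a receiver recorded are in its Authentication-Results header, and the s= and d= tags of DKIM-Signature name the DNS TXT record that holds the public key. The message, domains, selector and function names below are constructed placeholders; only headers stamped by the receiving server you trust are counted, since a sender can add its own.

```python
import re
from email import message_from_string, policy

# Constructed sample: example.org, mx.example.net and the selector are placeholders.
RAW = """\
Authentication-Results: mx.example.net;
\tspf=pass smtp.mailfrom=example.org;
\tdkim=pass header.d=example.org;
\tdomainkeys=neutral header.from=me@example.org
Authentication-Results: relay.invalid; spf=fail
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org;
\ts=mail2010; h=from:to:subject; bh=CONSTRUCTED=; b=CONSTRUCTED==
From: me@example.org
Subject: test

body
"""

CLAUSE = re.compile(r"(?:^|;)\s*(spf|dkim|domainkeys)=([a-z]+)", re.I)


def auth_verdicts(msg, trusted_mx):
    """Return {method: verdict} from headers stamped by our own receiving MX."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(str(value).split()).partition(";")
        # Anyone upstream can add this header; only trust our own authserv-id.
        if authserv.split()[:1] != [trusted_mx]:
            continue
        for method, verdict in CLAUSE.findall(results):
            verdicts[method.lower()] = verdict.lower()
    return verdicts


def dkim_txt_names(msg):
    """Return the DNS names whose TXT records hold each signature's public key."""
    names = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in "".join(str(value).split()).split(";"):
            key, sep, val = part.partition("=")
            if sep:
                tags[key] = val
        if "s" in tags and "d" in tags:
            names.append(f"{tags['s']}._domainkey.{tags['d']}")
    return names


def report(raw, trusted_mx):
    msg = message_from_string(raw, policy=policy.default)
    return auth_verdicts(msg, trusted_mx), dkim_txt_names(msg)


if __name__ == "__main__":
    print(report(RAW, "mx.example.net"))
```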
12 years ago
Carpetsmoker
Martin
I don't know ... dnssec is weird ...
12 years ago
asemisldkfj
the law is no protection
comcast business class internet is 60 usd/month. hmm. I might call and see how hard it would be to upgrade from a residential hookup.
9 years ago
asemisldkfj
the law is no protection
I'm back in this boat again. with the demise of reader, I'm hoping to be google-free by the end of the month. I've been forwarding all email to my personal domain (email server is at gandi.net, along with my dns and domain) and I set up radicale yesterday for card/caldav. there are a couple of sync adapters available now for android (caldav-sync and carddav-sync) that work with the stock contacts and calendar apps.

I'm surprised-but-not-very that iOS has supported caldav and carddav out of the box since version 4 and I'm fairly certain even the newest android releases don't.

I still have a throwaway google account tied to my phone just for the play store :(. but hopefully this will be all that's left of my relationship with google very soon!