Using Let’s Encrypt TLS Certificates for SMTP, IMAP, and HTTP

One of the greatest advances towards securing the Internet happened on April 12, 2016 when the Internet Security Research Group (ISRG) launched the “Let’s Encrypt” X.509 Transport Layer Security (TLS) (you may recognize it by the older SSL moniker) Certificate Authority. Major sponsors of the ISRG include the Electronic Frontier Foundation (EFF), the Mozilla Foundation, Akamai, and Cisco. The purpose of Let’s Encrypt is to provide free TLS certificates to anyone that can prove they own a domain so that they can secure the communications between their clients and their server through encryption. The service is fully automated and renewals are automated as well, keeping the certificates current and validated. However, securing your website is but one...

Apache and Mailman -- Scripts not executing

Recently I rebuilt my personal mail server (and Mailman list server) on a new version of Ubuntu. Everything went well and the Mailman list worked fine, except that all of the CGI-BIN scripts would download in the browser, rather than executing. I spent a lot of time troubleshooting this issue, making various changes to my Mailman configuration, all to no avail. Eventually, I gave up and just let it sit...mail was working, so it wasn't an emergency. However, this weekend I decided I needed the interface working, so I dove back into troubleshooting the problem and looking for answers. I again made several changes to the configuration, tweaking ScriptAlias and whatnot, again to no avail. Then I stumbled upon...

Solving Fail2Ban not banning IPs on Ubuntu 16.04

I recently installed Fail2Ban on my personal mail/web host as the number of "bad actors" has climbed a lot in recent years and I no longer felt comfortable just allowing them to pummel my server. I'm writing up another blog post shortly on everything I did and how it all works; however, I had one issue that kept cropping up: Running fail2ban-client status recidive returned the following:

    Status for the jail: recidive
    |- Filter
    |  |- Currently failed: 158
    |  |- Total failed: 741
    |  `- File list: /var/log/fail2ban.log
    `- Actions
       |- Currently banned: 8
       |- Total banned: 8
       `- Banned IP list: 185.127.19.155 203.87.129.135 80.82.77.203 94.102....

Why I'm doubling down on Apple - Privacy

It's spring here in Silicon Valley and that means it's time for the Apple World Wide Developers Conference (WWDC). This year did not disappoint with Apple making not 1, not 2, but 6 major announcements:

- tvOS, now with Amazon Prime Video
- watchOS 4, Siri and Toy Story watch faces
- Mac
  - macOS High Sierra (no it wasn't a joke)
  - iMac speed bumps
  - MacBook / MacBook Pro speed bumps
  - New iMac Pro
- iPad Pro 10.5" (and updated 12")
- iOS 11
- HomePod (Siri-powered Speaker Assistant)

These are some great announcements from Apple, but what I'm most excited about are the announcements that were behind the announcements.

Intelligent Tracking Prevention

The Safari browser will now be the only browser on the market...

Triple Boot MacBook Pro (macOS, Windows 10, Linux)

I recently decided to run Kali Linux on my MacBook. I originally thought I'd just build it into a Virtual Machine (using Parallels), but was concerned that I might not have the control over the hardware that I'd need in order to make Kali effective as a learning environment. So, I set about working on a dual-boot scenario. Needless to say, I failed miserably when I opted to have Kali install Grub and it overwrote my primary Boot Manager on the Mac and rendered the system unbootable (and eventually unrecoverable). Thank goodness for good backups... WARNING: Do not proceed with any of these steps unless you have the ability to restore a bare-metal backup. Everything I'm doing has the potential...