Rest in Peace - Christopher J. (Chris) Utley

I've now reached a milestone in my life that everyone dreads, that age when your friends start to pass. I didn't think it would happen this soon. I'm beyond saddened that my first friend to pass from this world into the next was Chris Utley. I was a very young 25 years of age when I met Chris (I'm now 47), so he and I knew each other for 22 years. I had just been recruited from a job at Miami University to run the Internet Operations team at Cincinnati Bell Telephone as they became an Internet Service Provider with a service offering called "Fuse Internet Access". I was told I needed to have a "Webmaster"...

Working around incomplete Ubiquiti UniFi Security Gateway DNS Service

I’ve been having a long-running conversation with various folks in the Ubiquiti Forums here and here regarding the DNS service that is provided by the USG. The USG is just a DNS forwarder and will dutifully take DNS queries from your internal hosts and pass them to whatever DNS servers it received from your Internet provider over DHCP (or perhaps you manually changed them in the configuration). However, I run a medium-sized network on my internal LAN and I have various servers that I wish to access when I’m at home. A couple of examples are:

- Synology DS1415+ Network Attached Storage
- Mac mini running macOS Server
- 3 different Linux Workstations
- Windows workstation
- The UniFi CloudKey Controller itself (this...

Using Let’s Encrypt TLS Certificates for SMTP, IMAP, and HTTP

One of the greatest advances towards securing the Internet happened on April 12, 2016 when the Internet Security Research Group (ISRG) launched the “Let’s Encrypt” X.509 Transport Layer Security (TLS) (you may recognize it by the older SSL moniker) Certificate Authority. Major sponsors of the ISRG include the Electronic Frontier Foundation (EFF), the Mozilla Foundation, Akamai, and Cisco. The purpose of Let’s Encrypt is to provide free TLS certificates to anyone that can prove they own a domain so that they can secure the communications between their clients and their server through encryption. The service is fully automated and renewals are automated as well, keeping the certificates current and validated. However, securing your website is but one...

Apache and Mailman -- Scripts not executing

Recently I rebuilt my personal mail server (and Mailman list server) on a new version of Ubuntu. Everything went well and the Mailman list worked fine, except that all of the CGI-BIN scripts would download in the browser, rather than executing. I spent a lot of time troubleshooting this issue, making various changes to my Mailman configuration, all to no avail. Eventually, I gave up and just let it sit...mail was working, so it wasn't an emergency. However, this weekend I decided I needed the interface working, so I dove back into troubleshooting the problem and looking for answers. I again made several changes to the configuration, tweaking ScriptAlias and whatnot, again to no avail. Then I stumbled upon...

Solving Fail2Ban not banning IPs on Ubuntu 16.04

I recently installed Fail2Ban on my personal mail/web host as the number of "bad actors" has climbed a lot in recent years and I no longer felt comfortable just allowing them to pummel my server. I'm writing up another blog post shortly on everything I did and how it all works; however, I had one issue that kept cropping up: Running fail2ban-client status recidive returned the following:

    Status for the jail: recidive
    |- Filter
    |  |- Currently failed: 158
    |  |- Total failed: 741
    |  `- File list: /var/log/fail2ban.log
    `- Actions
       |- Currently banned: 8
       |- Total banned: 8
       `- Banned IP list: 185.127.19.155 203.87.129.135 80.82.77.203 94.102....