Bill Thorsteinson

Adding SHA-2 to tinyca

Google has announced a sunset for SHA-1 certificate signatures in Chrome. SHA-2 (aka SHA-256, SHA-384, and SHA-512) is the remaining option for certificate signatures. I decided to upgrade my certificates to SHA-2 (256 bits). However, when I tried to use tinyca2 to generate a SHA-2 certificate, I found it was not supported. As tinyca2 is […]

Disabling SSLv3 to block Poodle

The new Poodle vulnerability lead me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3. Ubuntu uses configuration files split into small pieces. The method should apply to other distributions, although the configuration files may be arranged […]

Disable TraceClassUnloading in Java6

I recently discovered logs filling up with log messages for classes being unloaded during garbage collection. After a little research, I found that the TraceClassUnloading switch gets turned on by the Xloggc switch. After a little testing I found, that this can be resolved by adding the argument -XX:-TraceClassUnloading after the -Xloggc argument.

Hostnames for eximstats Rejections

I use eximstats to report my daily email traffic. I have a fairly high rate of rejections, and wanted hostnames listed in the rejection reports. To resolve this I developed a patch to capture the hostname related to the IP address, and add this data to the rejection reports. The enhanced list saves me the […]

Faking IMAP for Exchange Email

Using DavMail to add IMAP, SMTP, and CalDav access to Exchange WebMail Servers. Works with Thunderbird and Windows Live clients.

Providing IPv6 DNS resolver data with radvd

How to provide DNS server addresses to IPv6 clients using Router Announcements.

Detecting Email Server Forgery

Verification methods for incoming SMTP connections with statistics. How to validate your server, and block Spambots.

Securing your Email Reputation with SPF

SPF (Server Policy Framework) is a simple means to limit the ability of others to forge your identity in email. I first implemented it after a forged identity under my domain was used to send Spam. Once SPF was configured, the bounce messages quickly dropped off. Although not as frequently implemented as sender address checks, […]

Setting Up BackupPC on Windows

Back up Windows PCs and Laptops using BackuPC. Includes installing rsycnd on Windows.

Setting Up BackupPC on Ubuntu

Set up a BackupPC Server on Ubuntu. Includes configuration of Linux and OpenWrt clients using rsyncd.