SysteMajik’s policy for incoming and outgoing e-mail. How we allow external users authenticated access to send e-mail.
Over the holidays, I had a user experience and attempted browser hijacking. It appeared to have bypassed my squid proxy. My updated configuration now sends all web access via squid. The old firewall rules, that allowed direct access to the Internet, have been replaced with a transparent Squid proxy. This runs on my existing Squid Proxy using another port.
As the IPv4 addresses begin to run out I finally invested the time to investigate and implement IPV6. As my ISP has not yet announced the availability of IPV6 addresses I chose to implement a 6to4 tunnel. This is simple to implement, and currently well supported. My external firewall is an ASUS wireless router running… Continue reading Implementing IPv6 6to4 on OpenWRT
I found the networking configured by libvirt (KVM) did not allow me to firewall the network as I desired. I use Shorewall for firewalling, and DNSMasq for internal DNS and DHCP. After a little experimentation, I found that I could configure Ubuntu to create the network. This allows me to get a reliable firewall configuration with a… Continue reading Manual networking for KVM
I find it useful to have a remote desktop to my Ubuntu systems. On secure connections, I have been using VNC via xinetd. Connections with xrdp where possible, but it wasn’t launching the desktop for the connection. For secure terminal connections, I stick with ssh. All these connections have a login at the start of the… Continue reading Remote Desktops with VNC and RDP
This article was updated in February 2014 to reflect changes in policy and reporting options. The earlier ADSP (Author Domain Signing Practices) information has been removed. DomainKeys Identified Mail (DKIM) provides a method to confirm the origin of an e-mail. DKIM also provides some protection against tampering. Unlike SPF, this validation applies to the contents… Continue reading Implementing DKIM with Exim
I have been receiving a fair amount of Spam from an e-mail forwarder. They are unwilling to correct their problems. Much of this Spam is in the form of bounce notifications. Attempting to reject other Spam resulted in more notifications. To control this Spam I implemented signed return path addresses. As a side benefit, I am also rejecting bogus notifications… Continue reading Signing Return Path Addresses with Exim
Cfengine is a declarative system configuration tool. This helps apply standards to system configuration. The configuration files specify the desired configuration and the engine applies these specifications to the system. It is useful to: Distribute configuration files; Install standard packages (including on Debian and Ubuntu with code provided here); Cleanup old files; and Ensure certain programs… Continue reading Cfengine 2 for Debian and Ubuntu
To enable for Internet chat I set up Google Chat and Skype. My firewall rules have been extremely restrictive with only known and approved services allowed to connect. Google Chat installed with no noticeable impact to the firewall. Things did not go so well with Skype. The installation of Skype resulted in lots of warnings… Continue reading Firewalling Google Chat and Skype
Squid is a proxy service for HTTP and other requests. This article covers installing it and configuring it to run on Ubuntu as a transparent proxy. This documentation includes configuring Web Proxy Auto-Discovery (WPAD) via DHCP and DNS. I run a heterogeneous configuration. This provided a number of challenges as various implementations of WPAD were encountered. Each seems to… Continue reading Setting up Squid Proxy on Ubuntu