I've got a few comments on the guide and things to consider before running your own mail server.
Your point about PTR records is not optional. If you don't have proper PTR records, you will be blocked by a majority of sites
Static IP. If you run from something seen as a dynamic IP address, you will be in even worse doo-doo than not having proper PTR records
You must understand the implications of using SPF. If you publish an SPF record for your mail domain, you must ensure that all out-going mail "from" your domain comes from your server.
You must be prepared for heavy loads. If a spammer sends a million messages to the net forging your return address, you will get tens of thousands of bounces in quick succession.
Ideally you should have a back-up MX somewhere.
You will need to have good uptimes and connectivity.
SMTP is simple, but understanding the subtleties of mail transport is not. You will need to understand.
You will need good, reliable, DNS service. Be sure to have a caching DNS server on your local net.
I don't want to discourage people from learning about and playing with running mail servers, but I would strongly recommend that you do so only with non-critical mail domains. Keep the mail that you really need hosted by professionals.
Interesting service, but with all the WiFi nowadays, I would really have liked an option to have SSL. Do they do that as well? It isn't on their pages (and it is probably rather expensive to buy the CPU power / SSL off-loader + certificates for them to handle it.
Yes, they do SSL very well. For the webmail just use the "secure login" button. For everything else, just configure your mailer appropriately. They've done SSL from the beginning (or at least for a long time).
I have a great local ISP, and they maintain their systems well, including email w/IMAP & a decent spam filter. They even have an MOTD that lists outages.
I used to have an ISP like that. I'd even gotten to know their postmaster whom I respected enormously. Unfortunately that ISP got absorbed by a larger one, and things went into a rapid decline. After about a year, I moved to fastmail.
If yours is one of the rare ISPs that provides top-notch email service, by all means stick with them. But I still stand by my recommendation to get your own domain name for email so that you can switch providers easily if the need arises.
As with ISPs there is concern about using your web hosting company for mail. A few of them do a very good job with mail. Most don't for the reasons I've listed.
You weren't willing to put in an explicit plug for your ISP (I see no harm in listing it, since we were asked for recommendations). But I'll list the service providers that I've finally found that I am happy with.
DNS: dnspark.net
Email: fastmail.fm
Registrar: register4less
Access Service Provider: Verizon FiOS.
I still haven't found a web hosting solution that fits my erratic expectations. The fault is not with hosting companies, but with the fact that I don't really know what I want. So currently my webserver is in my home office.
Please note that I didn't set out originally to have all services provided by different entities. It just worked out that way. Now I'm glad of the flexibility it gives me, even if it is a bit more expensive then using bundled services.
I absolutely recommend fastmail. Fastmail is the system that I would have liked to design. They really understand IMAP and they have the only webmail interface that doesn't make my skin crawl. I am extremely picky about email (I professionally set up email systems for small and medium sized businesses, and I've been a happy fastmail customer for about seven years.
Even if you don't pick fastmail, you should get your own domain name that you use for email. Typically your domain registrar will allow you to set up forwarding to whatever addresses you wish. This way, you aren't locked into your ISP or other email hoster if you wish to change. If I stopped liking fastmail tomorrow, I could easily switch to another provider by just changing a few DNS records. I've had ISPs and hosting companies screw up my mail before, and I enjoy the freedom to switch if necessary. Though I don't anticipate switching from fastmail whom I've been with for about seven years.
Let me also state why one shouldn't use your ISP's system. Your ISP doesn't win or lose customers by the quality of their email service. For them, email is nothing but an added expense which they run because they "have to" and because it creates a lock-in opportunity. This also applies Gmail. Who knows what their business model is, but keeping email customers happy probably isn't the core of it.
Free services (yahoo, gmail, hotmail etc.) have the caveats of free services: You get little support; Terms and Conditions change more rapidly than most others; advertisements; crappy IMAP support; and they are used by spammers leading to all mail from those services being more likely to be filtered. Fastmail does offer a "free" (advertising supported) service, but I've never used that.
There are some competitors to fastmail. You should look them up as well. The last time I seriously looked at these (2004) to provide a recommendations for a client, fastmail was still the best bet IMO.
Other than being a happy customer, I have no connection to fastmail.
Of course I've changed it since, but yesterday my answer to "Where did you meet your spouse" was "At the intersection of Beta Sirius and EO5F4KNwSfIWsTv94VyXSCRXbRrOeUzcAOozDUpeYRHFmmKJbRImqt5XPr5lDZ1"
Someone went through the password recovery dialog and was able to guess answer "Where did you meet your spouse?".
Can someone give me the rationale for those password recovery mechanism that are usually far weaker than the passwords themselves? They seem like such a blatantly bad idea, that I must be missing something in failing to understand why they exist at all
ZFS isn't available on Linux. It is a great enterprise class file system,
ZFS is available on FreeBSD (I'm not using it yet, as UFS2 fits my limited needs). Also there is partial support for ZFS on OS X. So once Linux supports it, it may become the Unix filesystem of choice and compatibility
Anyway, is support for ReiserFS drying up? Does it really depend so much on one man? Or is the creepiness of the whole Reiser affair putting people off.
The worst I've seen is target.com which will silently truncate the password at 16 characters. So if you use a password generator and password management system, you won't be able to log in again until you've discovered their little trick.
I fully agree with the parent. The idea of keeping an email address that you actually use private is several orders of magnitude sillier than thinking your credit card number and social security number hasn't been stolen a dozen times already.
But there is one place I won't "publish" my email address (jeffrey@goldmark.org), and that is in the From line of a Usenet posting. Reply-to is fine, and there absolutely no problem in the body of messages, but tests have shown that putting something in the From line of a Usenet posting will give you a very noticeable increase in spam.
I do see the behavior described: Emergency call, then double press takes me to my phone "Favorites". From the favorites, I can look up the details of of those address book entries and bring up Safari or Mail.
From Safari opened this way, I can get to my bookmarks. And I suspect that from Mail (haven't tested it yet), I could get to all of my contacts. All of this with completely by-passing the PIN.
In the comic, Megan, merely an end user, is being prosecuted for theft in criminal court. Has that ever happened in real life?
The comic definitely tries to convey to the reader that unlawful downloading can get you prosecuted for theft. That is a lie.
They also are exceedingly misleading about who they are. While maybe that isn't fully a lie, they are certainly far from honest
PS: for the record, I do oppose the copyright violations of these kinds of "sharing".
I suspect that check_afp isn't scriptable:
% osascript -e 'tell app "check_afp" to do shell script "whoami"'
24:48: execution error: An error of type -10661 has occurred. (-10661)
I was specifically looking at article II, lying to the world about the war... that's not exactly small beans is it?
As I've said in another post, misleading the public in the pursuit of a bad policy, no matter how terrible the outcome, isn't an impeachable offense.
I do agree about climate change, but what can you do...
What is different between Article II and the climate change article? Both involve misleading Congress and the public by being highly selective about what evidence to present. So I don't see how you can think one is an impeachable offense and the other one isn't.
The guy basically says there is no evidence for impeachment, and it is just about popularity. Yet the raticle is a PDF listing the evidence for impeachment?
But that PDF doesn't contain evidence for impeachment. It contains evidence that GWB makes even Warren G. Harding look good by comparison. But being a bad President, even being the worst one ever, isn't an impeachable offense.
"Misleading Congress and the American Public" isn't a crime. Anyone pushing any policy is selective about the evidence they present. Bush and Cheney have been extreme in their selection of evidence and the consequences are tragic. But I see no evidence for impeachment. Or the one or two articles where there is a shadow of a hint of a case are buried in a pile of BS.
As if it were just about being unpopular. Get a grip... if you actually READ the articles in the.pdf there is seriously strong evidence for the criminal acts this president has wrought upon us.
If the articles only included things that actually were criminal in the technical sense, I would feel better about it. But all but a few of them are actually criminal, even if they are tragic, awful and venial. I mean trying to impeach the President for "Systematically Undermining Efforts to Address Global
Climate Change" just shows the inanity of effort. Sure that was extremely bad policy, but if we are going to start considering bad policy and the rhetoric used to sell bad policy as impeachable offenses then every politician to the end of time will be impeachable.
Even the few that may really involve criminality are things that should be resolved by the courts (signing statements) or aren't clearly about the President himself (Meirs and Rove failing to answer subpoenas) are hardly impeachable offenses.
The political grandstanding comes when there is failure to act on this!
I respectfully submit that you are the one who hasn't read the indictment. Or that you have very peculiar ideas about what impeachment is actually for.
I hated the investigation and the impeachment of President Clinton. Although GWB's "crimes" are certainly worse in terms of their impact and deceit, the bar for impeachment should be much higher than "Well, it's better than what they did to Clinton."
Is it stupid because you disagree with the terms, or stupid because it will accomplish nothing?
I think that it is stupid because it distracts from core issues and fails to separate the constitutional and legal issues from the reasons people dislike the President. Bush is unpopular because Iraq isn't going the way people wanted to believe it would and because you can no longer make yourself rich by getting an ARM in a rising housing market.
But those aren't the things that come close to impeachable offensives. The possibly impeachable offensives (signing statements, domestic spying) are things that people don't care about and my even agree with the President on.
I would like to try to focus attention on those issues without it being about the individual. An impeachment circus isn't the way to do that.
Mostly, I dislike the idea of impeaching any President who becomes unpopular. We (correctly) don't have a "recall" mechanisms for federal elections, and we shouldn't use impeachment as a substitute.
This kind of thing was stupid when Clinton was impeached, and it is stupid today. I hate GWB's assault on the Constitution as much as anyone (I'm a card carrying member of the ACLU). But this impeachment attempt is just makes my side look stupid.
Slashdot Mirror
I wrote a full guide on setting up the mail server using Debian and the outstanding mail server package Archiveopteryx. You can read it here:
http://www.mrnaz.com/?s=publish-blog&entryid=197
I've got a few comments on the guide and things to consider before running your own mail server.
I don't want to discourage people from learning about and playing with running mail servers, but I would strongly recommend that you do so only with non-critical mail domains. Keep the mail that you really need hosted by professionals.
Interesting service, but with all the WiFi nowadays, I would really have liked an option to have SSL. Do they do that as well? It isn't on their pages (and it is probably rather expensive to buy the CPU power / SSL off-loader + certificates for them to handle it.
Yes, they do SSL very well. For the webmail just use the "secure login" button. For everything else, just configure your mailer appropriately. They've done SSL from the beginning (or at least for a long time).
I have a great local ISP, and they maintain their systems well, including email w/IMAP & a decent spam filter. They even have an MOTD that lists outages.
I used to have an ISP like that. I'd even gotten to know their postmaster whom I respected enormously. Unfortunately that ISP got absorbed by a larger one, and things went into a rapid decline. After about a year, I moved to fastmail.
If yours is one of the rare ISPs that provides top-notch email service, by all means stick with them. But I still stand by my recommendation to get your own domain name for email so that you can switch providers easily if the need arises.
As with ISPs there is concern about using your web hosting company for mail. A few of them do a very good job with mail. Most don't for the reasons I've listed.
You weren't willing to put in an explicit plug for your ISP (I see no harm in listing it, since we were asked for recommendations). But I'll list the service providers that I've finally found that I am happy with.
I still haven't found a web hosting solution that fits my erratic expectations. The fault is not with hosting companies, but with the fact that I don't really know what I want. So currently my webserver is in my home office.
Please note that I didn't set out originally to have all services provided by different entities. It just worked out that way. Now I'm glad of the flexibility it gives me, even if it is a bit more expensive then using bundled services.
I absolutely recommend fastmail. Fastmail is the system that I would have liked to design. They really understand IMAP and they have the only webmail interface that doesn't make my skin crawl. I am extremely picky about email (I professionally set up email systems for small and medium sized businesses, and I've been a happy fastmail customer for about seven years.
Even if you don't pick fastmail, you should get your own domain name that you use for email. Typically your domain registrar will allow you to set up forwarding to whatever addresses you wish. This way, you aren't locked into your ISP or other email hoster if you wish to change. If I stopped liking fastmail tomorrow, I could easily switch to another provider by just changing a few DNS records. I've had ISPs and hosting companies screw up my mail before, and I enjoy the freedom to switch if necessary. Though I don't anticipate switching from fastmail whom I've been with for about seven years.
Let me also state why one shouldn't use your ISP's system. Your ISP doesn't win or lose customers by the quality of their email service. For them, email is nothing but an added expense which they run because they "have to" and because it creates a lock-in opportunity. This also applies Gmail. Who knows what their business model is, but keeping email customers happy probably isn't the core of it.
Free services (yahoo, gmail, hotmail etc.) have the caveats of free services: You get little support; Terms and Conditions change more rapidly than most others; advertisements; crappy IMAP support; and they are used by spammers leading to all mail from those services being more likely to be filtered. Fastmail does offer a "free" (advertising supported) service, but I've never used that.
There are some competitors to fastmail. You should look them up as well. The last time I seriously looked at these (2004) to provide a recommendations for a client, fastmail was still the best bet IMO.
Other than being a happy customer, I have no connection to fastmail.
Of course I've changed it since, but yesterday my answer to "Where did you meet your spouse" was "At the intersection of Beta Sirius and EO5F4KNwSfIWsTv94VyXSCRXbRrOeUzcAOozDUpeYRHFmmKJbRImqt5XPr5lDZ1"
What a coincidence. That's where I met mine, too.
Someone went through the password recovery dialog and was able to guess answer "Where did you meet your spouse?".
Can someone give me the rationale for those password recovery mechanism that are usually far weaker than the passwords themselves? They seem like such a blatantly bad idea, that I must be missing something in failing to understand why they exist at all
Thank you for your extremely informative and insightful (that's a hint to those with mod points) answer to my question.
ZFS isn't available on Linux. It is a great enterprise class file system,
ZFS is available on FreeBSD (I'm not using it yet, as UFS2 fits my limited needs). Also there is partial support for ZFS on OS X. So once Linux supports it, it may become the Unix filesystem of choice and compatibility
Anyway, is support for ReiserFS drying up? Does it really depend so much on one man? Or is the creepiness of the whole Reiser affair putting people off.
The worst I've seen is target.com which will silently truncate the password at 16 characters. So if you use a password generator and password management system, you won't be able to log in again until you've discovered their little trick.
Very funny. Just for that I'll have to post your social security number.
I fully agree with the parent. The idea of keeping an email address that you actually use private is several orders of magnitude sillier than thinking your credit card number and social security number hasn't been stolen a dozen times already.
But there is one place I won't "publish" my email address (jeffrey@goldmark.org), and that is in the From line of a Usenet posting. Reply-to is fine, and there absolutely no problem in the body of messages, but tests have shown that putting something in the From line of a Usenet posting will give you a very noticeable increase in spam.
I do see the behavior described: Emergency call, then double press takes me to my phone "Favorites". From the favorites, I can look up the details of of those address book entries and bring up Safari or Mail.
From Safari opened this way, I can get to my bookmarks. And I suspect that from Mail (haven't tested it yet), I could get to all of my contacts. All of this with completely by-passing the PIN.
They do not lie in the comic itself
In the comic, Megan, merely an end user, is being prosecuted for theft in criminal court. Has that ever happened in real life?
The comic definitely tries to convey to the reader that unlawful downloading can get you prosecuted for theft. That is a lie. They also are exceedingly misleading about who they are. While maybe that isn't fully a lie, they are certainly far from honest
PS: for the record, I do oppose the copyright violations of these kinds of "sharing".
Maybe I'm showing my age (no, I didn't see it when it was first shown), but this actually reminded me of Reefer Madness .
Flash is really enemy #1 in terms of security
I would put JavaScript as #1.
I'm not an idiot, but I play one on TV.
I thought you Danes had plenty of fjords in Greenland.
I suspect that check_afp isn't scriptable: % osascript -e 'tell app "check_afp" to do shell script "whoami"'
24:48: execution error: An error of type -10661 has occurred. (-10661)
I've got it to run destructive things as an ordinary user without any need for authentication beyond being logged in
% osascript -e 'tell app "ARDAgent" to do shell script "echo Nasty Content >Nasty Content
That's it:
% ls -l-rwsr-xr-x 1 root wheel 1439952 Nov 15 2007 ARDAgent
Time to run find(1) to see if there are any other things like this.
And, I should say, as a so-call Apple fanboy, I am deeply embarrassed. It's been decades that people have known to watch out for stuff like this.
As I've said in another post, misleading the public in the pursuit of a bad policy, no matter how terrible the outcome, isn't an impeachable offense.
I do agree about climate change, but what can you do...What is different between Article II and the climate change article? Both involve misleading Congress and the public by being highly selective about what evidence to present. So I don't see how you can think one is an impeachable offense and the other one isn't.
But that PDF doesn't contain evidence for impeachment. It contains evidence that GWB makes even Warren G. Harding look good by comparison. But being a bad President, even being the worst one ever, isn't an impeachable offense.
"Misleading Congress and the American Public" isn't a crime. Anyone pushing any policy is selective about the evidence they present. Bush and Cheney have been extreme in their selection of evidence and the consequences are tragic. But I see no evidence for impeachment. Or the one or two articles where there is a shadow of a hint of a case are buried in a pile of BS.
If the articles only included things that actually were criminal in the technical sense, I would feel better about it. But all but a few of them are actually criminal, even if they are tragic, awful and venial. I mean trying to impeach the President for "Systematically Undermining Efforts to Address Global Climate Change" just shows the inanity of effort. Sure that was extremely bad policy, but if we are going to start considering bad policy and the rhetoric used to sell bad policy as impeachable offenses then every politician to the end of time will be impeachable.
Even the few that may really involve criminality are things that should be resolved by the courts (signing statements) or aren't clearly about the President himself (Meirs and Rove failing to answer subpoenas) are hardly impeachable offenses.
The political grandstanding comes when there is failure to act on this!I respectfully submit that you are the one who hasn't read the indictment. Or that you have very peculiar ideas about what impeachment is actually for.
I hated the investigation and the impeachment of President Clinton. Although GWB's "crimes" are certainly worse in terms of their impact and deceit, the bar for impeachment should be much higher than "Well, it's better than what they did to Clinton."
Is it stupid because you disagree with the terms, or stupid because it will accomplish nothing?
I think that it is stupid because it distracts from core issues and fails to separate the constitutional and legal issues from the reasons people dislike the President. Bush is unpopular because Iraq isn't going the way people wanted to believe it would and because you can no longer make yourself rich by getting an ARM in a rising housing market.
But those aren't the things that come close to impeachable offensives. The possibly impeachable offensives (signing statements, domestic spying) are things that people don't care about and my even agree with the President on.
I would like to try to focus attention on those issues without it being about the individual. An impeachment circus isn't the way to do that.
Mostly, I dislike the idea of impeaching any President who becomes unpopular. We (correctly) don't have a "recall" mechanisms for federal elections, and we shouldn't use impeachment as a substitute.
This kind of thing was stupid when Clinton was impeached, and it is stupid today. I hate GWB's assault on the Constitution as much as anyone (I'm a card carrying member of the ACLU). But this impeachment attempt is just makes my side look stupid.