Router maintenance at eskimo.com has been completed. The automatic upgrade failed but manually uploading the new firmware succeeded.
Router Maintenance
This affects all eskimo.com services including our shell servers, virtual private servers, https://friendica.eskimo.com/, https://hubzilla.eskimo.com/, https://nextcloud.eskimo.com/, and https://www.eskimo.com.
This evening there will be several times when I/O will freeze for router reboots. I am trying to upgrade software but having some difficulty, so I need to follow a procedure given to me by Ubiquiti that will require at least two reboots. This machine isn’t the fastest when it comes to reboots, so outages may be as long as five minutes in duration.
Mail List Recommendations
I am looking for some suggestions for open source mail list software capable of running under Linux to replace the SmartList mail lists we are currently hosting.
SmartList has several fundamental problems. First, neither it nor procmail, which it relies on, has been under active development for at least a decade. This means it may be deprecated at any time, which would be bad.
Second, SmartList does not re-write the sender address, and in situations where the sender’s domain signs their e-mail with SPF, DKIM, or DMARC records, and mail list recipients’ domains check these things, the e-mail is rejected, dropped, or marked as spam as a result of the server the mail is coming from (ours) not matching the domain of the sender, which is still in the header.
Third, many people prefer to administer their lists from a web interface; SmartList provides no method for Web Admin.
Fourth, I’ve had a number of requests for mail list software that has a web archive of lists. SmartList lacks this capability.
So with these things in mind, I attempted to implement Mailman. I was able to install it, but Mailman relies on Python 2.7, which is deprecated and will go away soon, and I was unable to get it to properly recognize the fully qualified domain name; it kept trying to create lists with just the hostname. I was unable to figure out why this is, since I do not have just the hostname alone configured anywhere in the software.
So then the next thing I looked at was Mailman3. Mailman3 is based upon Python 3.x, so current software is supported, BUT it’s split into pieces and does not have a native web interface; this is provided by some separate third-party software such as Kitty. Kitty is hardwired to Nginx, and I have a very highly customized and optimized Apache2 that beats Nginx for security, speed, and capability that I prefer to stick with. The second problem with Mailman3 is that the documentation is sparse to non-existent and has huge gaps in its installation instructions.
So I’m looking for something else; recommendations would be much appreciated.
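The rejection described in the second point above comes from the domain in the From: header not matching the domain the list server sends as. The sketch below is an added example, not code from SmartList, Mailman or eskimo.com; it shows the From: rewriting a list can apply before redistributing a post. The addresses, the "via list" display name and the exact-match (strict) alignment check are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, formataddr

LIST_ADDR = "chat@lists.example.org"  # hypothetical list posting address

# Constructed sample post from a subscriber whose domain publishes a DMARC policy.
SAMPLE = (
    "From: Alice <alice@dmarc-strict.example>\n"
    "To: chat@lists.example.org\n"
    "Subject: hello\n"
    "\n"
    "Hi all.\n"
)

def from_domain(msg):
    """Domain of the address in the From: header, lower-cased."""
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()

def aligned(msg, sending_domain):
    """Strict alignment: From: domain must equal the domain the list sends as.
    (Relaxed alignment compares organizational domains and needs the Public
    Suffix List; that is left out of this sketch.)"""
    return from_domain(msg) == sending_domain.lower()

def munge_from(msg, list_addr=LIST_ADDR):
    """Rewrite From: to the list address and keep the author reachable."""
    name, addr = parseaddr(msg["From"])
    if "Reply-To" not in msg:
        msg["Reply-To"] = addr          # replies still go to the author
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via list", list_addr))
    return msg

if __name__ == "__main__":
    post = message_from_string(SAMPLE)
    list_domain = LIST_ADDR.rpartition("@")[2]
    print("before:", post["From"], "aligned:", aligned(post, list_domain))
    munge_from(post)
    print("after: ", post["From"], "aligned:", aligned(post, list_domain))
    print("Reply-To:", post["Reply-To"])
```

After rewriting, the list server still has to authenticate as its own domain (SPF for its envelope sender, or its own DKIM signature) for the receiving side's check to pass.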
Router Software Upgrade 7/13/22 11PM PST (GMT-0700)
We are going to do a software upgrade tonight. This requires a router reboot which takes about five minutes during which we will temporarily disconnect from the Internet. This affects ALL eskimo.com services.
Kernel Upgrades Completed
Kernel upgrades were completed with only minor systemd issues like not starting timedate service on some machines. Nothing severe or even consequential beyond requiring restart of those services.
Kernel Upgrades 7/8/2022 11PM Pacific Daylight (GMT -0700)
This will affect ALL of Eskimo North’s services including https://friendica.eskimo.com/, https://hubzilla.eskimo.com/, https://nextcloud.eskimo.com/, and https://www.eskimo.com/.
We will be upgrading to 5.17.15, which is the last iteration of the 5.17 kernel. We will not be upgrading to the 5.18 series yet as it has not been entirely stable on my workstation. I keep getting stuck processes with 5.18 and that is no good.
The outages should mainly be between 11pm-11:30pm though some servers may be slightly longer if systemd gives me a hard time.
Outgoing Mail Bounces
If you get an e-mail bounced back with a message something to the effect of no inverse DNS for 204.122.16.222, this was not our doing but something that went wrong at ARIN, the entity responsible for assignment of IP space and associated records. Re-send your e-mail and it should go through successfully now unless the receiving site is caching bad data.
I had a customer query me as to why the mail bounced, got this message, did an nslookup and indeed there was no inverse DNS for that, or any of our other servers.
I checked each of our name servers and they were all responding correctly. For some reason ARIN was failing to delegate inverse DNS requests for our IP space to our DNS servers. I went in to the section to update the records, made no changes whatsoever, but after saving the non-changes it worked again.
Reboots Around Midnight
I am going to reboot a bunch of machines tonight sometime at midnight or after to change some configuration options. It turns out that there is a bug in virt-manager where if you tell it to copy the host CPU configuration, it doesn’t; instead it takes a four-core, eight-thread CPU and turns it into eight 1-thread CPUs in the guest OS. This has less than optimal scheduling results in the guest kernel.
I can, however, manually set the architecture correctly, and this is what I’ll be doing, but it does require a guest shut-down and reboot to be effective.
Encryption Certificates
I had the certificates re-issued with a new CSR created using the current openssl 3.0.1, and the resulting certificate worked fine with Apache, Postfix, Dovecot, and MariaDB, so encryption is now secured for another year.
Old Certs Restored
Old certs are restored from backup so things will work for now. I have to get new certificates in place by July 7th as these expire on that date. But I will keep the old certs on disk until I know the new ones are working in mail as well as the web.