Re: [GTALUG] lazy jail server admin forced to act

[Ron / BCLUG via talk]

D. Hugh Redelmeier via talk wrote on 2024-01-07 19:29:

You probably need to add a google authentication record to your 
domain name to | reduce the chance of your email messages being 
rejected by gmail.


I don't know what that is.

Googling responses suggest you might be talking about a Google 
Worspace thing.  I don't have a Google Workspace.


Yeah, I don't think Google authentication is useful for email:

https://support.google.com/a/answer/183895?hl=en.


Verify your domain with a TXT record

Why do I need to do this?

We don't want someone else to use your domain to sign up for Google 
Workspace. You can help us keep your domain safe by showing us that 
you are the owner.



Have you verified your SPF and DKIM via some online site such as:

https://mxtoolbox.com/dkim.aspx ?


Also, do you have IPv6 on your server?  Is postfix using it?  That'll 
probably fix Gmail spam issues, seems most Gmail is via IPv6.



rb
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[Kevin Cozens via talk]

On 2024-01-07 22:29, D. Hugh Redelmeier via talk wrote:

| From: Kevin Cozens via talk 

| You probably need to add a google authentication record to your domain name to
| reduce the chance of your email messages being rejected by gmail.

I don't know what that is.


I had to check the TXT records associated with my domain name to remember 
that it is called google-site-verification. There was some page in a Google 
website that explained how to set it up.


I haven't heard of Google Workspace before seeing your reply. I don't know 
anything about it. I added the site verification record for my domain some 
years ago. Google may have changed things since then.


--
Cheers!

Kevin.

https://www.patreon.com/KevinCozens | "Nerds make the shiny things that
| distract the mouth-breathers, and
Owner of Elecraft K2 #2172  | that's why we're powerful"
#include  | --Chris Hardwick

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[D. Hugh Redelmeier via talk]

| From: Kevin Cozens via talk 

| You probably need to add a google authentication record to your domain name to
| reduce the chance of your email messages being rejected by gmail.

I don't know what that is.

Googling responses suggest you might be talking about a Google
Worspace thing.  I don't have a Google Workspace.
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[Kevin Cozens via talk]

On 2024-01-07 12:27, D. Hugh Redelmeier via talk wrote:

Mails from my domain have started to be rejected by gmail.
To placate gmail, I've added an SPF record to my doman:


Some of my email messages were winding up in other peoples spam folders. I 
added SPF, DKIM, and google authentication records. I still have messages 
occasionally winding up in a recipients spam folder for no apparent reason.


You probably need to add a google authentication record to your domain name 
to reduce the chance of your email messages being rejected by gmail.


--
Cheers!

Kevin.

https://www.patreon.com/KevinCozens | "Nerds make the shiny things that
| distract the mouth-breathers, and
Owner of Elecraft K2 #2172  | that's why we're powerful"
#include  | --Chris Hardwick

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[Ron / BCLUG via talk]

D. Hugh Redelmeier via talk wrote on 2024-01-07 09:27:


Mails from my domain have started to be rejected by gmail.
To placate gmail, I've added an SPF record to my doman:


Another trick to help with email delivery to Google is to implement IPv6 
in Postfix if it's available.



rb
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

[GTALUG] video: The Dark Side of Open Source

[D. Hugh Redelmeier via talk]

This video was recommended to me:

Chris Titus Tech: The Dark Side of Open Source


Apparently Titus recommended Thorium, a mod of the Chromium browser.
Now he feel burned because of a couple of non-mainstream Easter eggs.

It seems mostly overwrought silliness to me.  But you can decide for 
yourself.

The story isn't really about open source.  It is about trust and 
verification of software.  The bigger / more complex the object, the 
harder it is to trust.  A very very deep problem.

How does open source relate to this?

- (we think that) it is harder to sue an open source project than a 
  commercial software producer.

- the infrastructure for open source (GitHub, for example) lets you build 
  and distribute new mixes things without a lot of effort.  So one oddball 
  can create and distribute a useful system

- a larger team, needed in the past, would probably have an average
  weirdness that is less than some random single creator.

- open source software can be examined.  This is likely how the
  "problems" with Thorium were discovered.

I don't even know why Thorium was interesting.  It is a hacked version
of Chromium.  Are the hacks interesting?  Apparently its main
advantage is that it is compiled with higher optimization.  If they
judged it worth doing, the Chrome project could do this itself.  As
could the distros that package Chrome or Chromium.

The only browsers that I (reluctantly) trust enough to use are
FireFox, Chrome, Chromium.  Links or Lynx when desperate.
Browser-of-the-month isn't a club for me since the browser is my main
exposure to security threats.

There is a very interesting question here: how can software earn trust? 
Any software, including open source software.

A recent enthusiasm has been to implement procedures to prevent "supply 
chain attacks". Things like "software bills of materials" (provenance of 
components).  The (deserved) whipping boy has been NPM, the repo for open 
source JavaScript.  Equally scary things exist for Python, Perl, and Rust, 
for example.

The Thorium browser problem could be classified as a supply chain problem.

Reliable software is hard.  We have to work on it any way that is 
effective.

PS: I'm looking at Titus' video recommending Thorium in the first place.

- He gushes about how much faster it is than Chromium and Chrome.
- He suggests that the author has added accelerators not in chromium.
- A few nice little things.
- He mentions "multi-threading improvements" which seems unlikely.
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

[GTALUG] Reminder: GTALUG Monthly Meeting

[Alan Heighway via talk]

The Dark Side of Open Source 

09 January, 2024 at 07:30 PM

We'll start with a review of the following YouTube video:
https://www.youtube.com/watch?v=Q-02fW-n4qg followed by comments and an
open discussion.

We're going to use Big BLue Button for this meeting:
https://blue.lpi.org/b/eva-zjc-gjy-kgl

*Time:* January 09th, 2024 7:30 PM Eastern Time

*Join us on Big Blue Button:* https://blue.lpi.org/b/eva-zjc-gjy-kgl.
LocationBig Blue Button - https://blue.lpi.org/b/eva-zjc-gjy-kgl

*A*lan *H*eighway 
heighway.ca
   VA3WAH / VA3YKZ

[image: Please consider the environment before printing]
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] meeting Tuesday?

[Colin McGregor via talk]

I have a paid Zoom account, so I could easily set-up an on-line GTALug
meeting without any issues. That noted I would want someone else to
run the meeting as for several reasons, I don't think I would be good
at that. So, if a Zoom instance on Tuesday would be useful, let me
know and I'll set something up.

All the best,


Colin.

On Sun, Jan 7, 2024 at 1:45 PM Ron / BCLUG via talk  wrote:
>
> D. Hugh Redelmeier via talk wrote on 2024-01-05 22:58:
>
> > The venue might be changed from our Big Blue Button room.  Our host, LPI,
> > was set to switch from BBB to some NextCloud facility.
> >
> > If we don't get further directions, try
> >https://blue.lpi.org/b/eva-zjc-gjy-kgl
>
> If the BBB site isn't working when the meeting time rolls around (it is
> loading now - just tested it), there was an email to Ops list with
> Nextcloud account credentials for GTALUG.
>
>
> We could give that a try for a meeting.
>
>
> GTALUG user has ability to create users, so any Ops list members can
> have a look around and even create a user for personal use.
>
>
> There's a Talk room set up, and a spreadsheet with the beginnings of a
> collection of Canadian LUG contacts.
>
>
> rb
> ---
> Post to this mailing list talk@gtalug.org
> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[Ron / BCLUG via talk]

D. Hugh Redelmeier via talk wrote on 2024-01-07 10:10:


| You may find that you need DKIM and DMARC as well. If you’re using
| postfix it’s fairly easy to hook opendkim in.

| My biggest hurdle was trying to find clear concise guides.

Links?


https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf



| How to read this:

|   mx:
|   email sent by mimosa.com should only come from its servers
|   declared in MX DNS records

In other words, this test only marks good things.  Then the "~all" says 
anything that isn't good is bad.


More "untrustworthy, use your own judgment" than out-and-out bad (as I 
understand it).


The link above has me reconsidering my choice of -all, I need to review 
my domains and SPF records to ensure I'm using ~all instead of -all.



rb

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[D. Hugh Redelmeier via talk]

| From: D. Hugh Redelmeier via talk 

| How to read this:

|   mx:
|   email sent by mimosa.com should only come from its servers
|   declared in MX DNS records

More accurately, this means that mail that says it is from mimosa.com is 
OK if it comes from one of the SMTP servers listend in MX records.

In other words, this test only marks good things.  Then the "~all" says 
anything that isn't good is bad.
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[D. Hugh Redelmeier via talk]

| From: John Sellens via talk 

| You may find that you need DKIM and DMARC as well. If you’re using 
| postfix it’s fairly easy to hook opendkim in.

Yeah.

| My biggest hurdle was trying to find clear concise guides. 

Links?---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] lazy jail server admin forced to act

[John Sellens via talk]

You may find that you need DKIM and DMARC as well. If you’re using postfix it’s 
fairly easy to hook opendkim in. 

My biggest hurdle was trying to find clear concise guides. 

John


---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

[GTALUG] lazy jail server admin forced to act

[D. Hugh Redelmeier via talk]

Mails from my domain have started to be rejected by gmail.
To placate gmail, I've added an SPF record to my doman:

mimosa.com. IN  TXT "v=spf1 mx ~all"

How to read this:

v=spf1:
this TXT record is an SPF version 1 record

mx:
email sent by mimosa.com should only come from its servers
declared in MX DNS records

~all:
any other mail from mimosa.com is bogus.
(~ and - are slightly different.)

That seemed pretty painless.  I guess I should have done this a decade 
ago.

I hope this works.
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] meeting Tuesday?

[Ron / BCLUG via talk]

D. Hugh Redelmeier via talk wrote on 2024-01-05 22:58:


The venue might be changed from our Big Blue Button room.  Our host, LPI,
was set to switch from BBB to some NextCloud facility.

If we don't get further directions, try
   https://blue.lpi.org/b/eva-zjc-gjy-kgl


If the BBB site isn't working when the meeting time rolls around (it is 
loading now - just tested it), there was an email to Ops list with 
Nextcloud account credentials for GTALUG.



We could give that a try for a meeting.


GTALUG user has ability to create users, so any Ops list members can 
have a look around and even create a user for personal use.



There's a Talk room set up, and a spreadsheet with the beginnings of a 
collection of Canadian LUG contacts.



rb
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] meeting Tuesday?

[ac via talk]

I think many of us are simply snowed under? It is that time of (new)
year. Speaking for myself, I have over ten servers that needs replacing
yesterday (The Centos7.9 date is approaching so very fast - are others
among us experiencing the same stress? ) BTW - heads up - the AlmaLinux
auto migration is still so problematic and buggy, imho 'hobby' not
production use... - for production --> do the migration as you would
migrate say redhat to ubuntu or ubuntu to suse, etc. So, I also
have four video servers with weird issues I have to find/solve very
quickly, I am investigating a potentially serious security flaw in commonly 
used software and my kids are getting ready to start a new school year, 
my home is upside down and a country not to be named has decided 
that it is a good time to see how much stress my security systems can 
handle. My unicorn has decided to lick my tuque, so who knows it may 
in fact decide to move in (maybe one of the older kids will move out?) 
*sigh* happy 2024 (how many days till 2025?)

On Sat, 6 Jan 2024 15:51:47 -0500
Evan Leibovitch via talk  wrote:

> I've been hoping that someone else could answer.
> I have some other news that I'll share in another email here.
> I have multiple people wanting to talk  about interesting stuff...
> just not next Tuesday night.
> 
> Does anyone here have any topics they'd like to talk about?
> 
> Please?
> 
> 
> On Sat, Jan 6, 2024 at 1:59 AM D. Hugh Redelmeier via talk
>  wrote:
> 
> > We are supposed to have a meeting Tuesday but I have not seen an
> > announcement.
> >
> > The venue might be changed from our Big Blue Button room.  Our
> > host, LPI, was set to switch from BBB to some NextCloud facility.
> >
> > If we don't get further directions, try
> >   
> > at 19:30 on Tuesday.
> > There's plenty of stuff to chat about.
> >
> > PS: this is partly a probe of the mailing list.  It went offline
> > without notice last month.  I was able to restart it when I found
> > out about the problem.
> > ---
> > Post to this mailing list talk@gtalug.org
> > Unsubscribe from this mailing list
> > https://gtalug.org/mailman/listinfo/talk
> >  
> 
> 

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk