Postfix, amavis and spamassassin is a very good team for handling emails and fighting against SPAM. They catch ninety percent of all SPAM with there ruleset. You can also include the excellent ruleset from Heinlein-Support (german). But. I’ve some special SPAM for health ensurance advertising and so on. So I’ll show a way to catch this last percents. My email setup is very common. Postfix takes the email and delivers these to amavis.
Read more →
Upgrading from Nagios or Icinga 1 to the new and outstanding Icinga 2 is a good moment to review your checks.
Steps to configure raid monitoring with Icinga 2 Download and install The standard nagios/monitoring plugin package includes one for a long time, but there is a new check for raid’s under linux. You can find it on GitHub. This is a modular plugin. If you want to have one big file including all modules, you can download this from my site.
Read more →
Reverse Proxy with local error pages At first create a local directory for serving your customized error pages
# local error pages DocumentRoot /srv/busypage/ Alias /error/ /srv/busypage/ <Directory /srv/busypage/ Options None AllowOverride None Require all granted </Directory> Now put your pages inside and configure your error pages: ProxyErrorOverrideOn ErrorDocument 403 /error/error-403.html ErrorDocument 404 /error/error-404.html ErrorDocument 500 /error/error-500.html ErrorDocument 503 /error/error-503.html So far so easy. Error pages and websockets If you have a websocket in your backend, so this communication should be go through end to end to get the real backend error message.
Read more →
Deliver your websites with Apache and HTTP/2 IMPORTANT INFO !
I’ve backported apache 2.4.25, but it now depends on openssl from debian backports. The reason for this step back is this bug 828236. So you have to add the debian-backports repo in your system:
echo 'deb http://ftp.debian.org/debian jessie-backports main' >> /etc/apt/sources.list.d/debian-backports.list and install/update the openssl packages from there:
apt-get install libssl1.0.0 -t jessie-backports Your system is now ready for the apache 2.
Read more →
The new and very good Icinga2 has a new way to define and apply checks. At first it takes a litte bit more time to define the commands, but it’s much more flexible. I’ve running all my domains with DNSSEC on my own DNS-Servers. All zones are secured with OpenDNSSEC, so I’ve to check the signature.
The next step to secure my communication is using DANE, so I also have to check all my DANE-entries.
Read more →