daily system administration

Linux, Debian and the rest
any questions or comments: Tom@d7031.de

better individual spam defense with amavis and spamassassin

Postfix, amavis and spamassassin is a very good team for handling emails and fighting against SPAM. They catch ninety percent of all SPAM with there ruleset. You can also include the excellent ruleset from Heinlein-Support (german). But. I’ve some special SPAM for health ensurance advertising and so on. So I’ll show a way to catch this last percents. My email setup is very common. Postfix takes the email and delivers these to amavis. Read more →

Checking hard- and software raid with icinga2

Upgrading from Nagios or Icinga 1 to the new and outstanding Icinga 2 is a good moment to review your checks. Steps to configure raid monitoring with Icinga 2 Download and install The standard nagios/monitoring plugin package includes one for a long time, but there is a new check for raid’s under linux. You can find it on GitHub. This is a modular plugin. If you want to have one big file including all modules, you can download this from my site. Read more →

Apache 2 customized error pages and exceptions for websockets

Reverse Proxy with local error pages At first create a local directory for serving your customized error pages # local error pages DocumentRoot /srv/busypage/ Alias /error/ /srv/busypage/ <Directory /srv/busypage/ Options None AllowOverride None Require all granted </Directory> Now put your pages inside and configure your error pages: ProxyErrorOverrideOn ErrorDocument 403 /error/error-403.html ErrorDocument 404 /error/error-404.html ErrorDocument 500 /error/error-500.html ErrorDocument 503 /error/error-503.html So far so easy. Error pages and websockets If you have a websocket in your backend, so this communication should be go through end to end to get the real backend error message. Read more →

Debian, Apache and HTTP/2 – Important Info !

Deliver your websites with Apache and HTTP/2 IMPORTANT INFO ! I’ve backported apache 2.4.25, but it now depends on openssl from debian backports. The reason for this step back is this bug 828236. So you have to add the debian-backports repo in your system: echo 'deb http://ftp.debian.org/debian jessie-backports main' >> /etc/apt/sources.list.d/debian-backports.list and install/update the openssl packages from there: apt-get install libssl1.0.0 -t jessie-backports Your system is now ready for the apache 2. Read more →

Checking DNS and DNSSEC with Icinga2

The new and very good Icinga2 has a new way to define and apply checks. At first it takes a litte bit more time to define the commands, but it’s much more flexible. I’ve running all my domains with DNSSEC on my own DNS-Servers. All zones are secured with OpenDNSSEC, so I’ve to check the signature. The next step to secure my communication is using DANE, so I also have to check all my DANE-entries. Read more →