pmeerw's blog
pmeerw's blog
It's easy, just run sudo fwupdmgr get-updates followed by sudo fwupdmgr update.
The system needs to be on AC power to perform the update.
posted at: 22:07 | path: /configuration | permanent link
It's possible to just list multiple domains in opendkim.conf which will all get signed with the same key indicated by KeyFile and Selector (as pointed out here).
# Sign for example.com with key in /etc/dkimkeys/dkim.key using # selector 'mail' (e.g. mail._domainkey.example.com) # hacky, multiple domains, all share the same key and the same DNS setup # so we also need mail._domainkey.bla.net and mail._domainkey.blub.org DNS records Domain example.com, bla.net, blub.org KeyFile /etc/dkimkeys/example.com.key Selector mail
A more complex way with individual mappins is described here.
A good way to test the setup is appmaildev.com's DKIM Test.
posted at: 10:10 | path: /configuration | permanent link
Debian unstable recently updates the PostSRSd to 2.0.11-1+b1, breaking stuff:
sender_canonical_maps = socketmap:unix:srs:forward sender_canonical_classes = envelope_sender recipient_canonical_maps = socketmap:unix:srs:reverse recipient_canonical_classes = envelope_recipient, header_recipient
/etc/postsrsd.conf r, /var/spool/postfix/** rwk,
posted at: 11:00 | path: /configuration | permanent link
Thanks to these notes on setting up the route64 tunnelbroker on mikrotik, I can confirm it works. Route64 supports wireguard for the tunnel and give out a /56 subnet, so one can have 256 /64 subnets. The cable modem needs to forward a particular UDP port to the mikrotik router on the internal network which does the wireguard magic.
[Interface] PrivateKey = <private key> Address = 2a11:6c7:f03:123::2/64 [Peer] PublicKey = FkVCzA3bhSrqOUhXNxVHDXSLDvWHUa7BGj75uuh85TE= AllowedIPs = ::/1, 8000::/1 Endpoint = 165.140.142.113:<port> PersistentKeepAlive = 30
/interface wireguard add mtu=1420 name=wireguard1 private-key=<private key>
/interface wireguard peers add allowed-address=::/1,8000::/1 endpoint-address=165.140.142.113 endpoint-port=<port> interface=wireguard1 persistent-keepalive=30s public-key="FkVCzA3bhSrqOUhXNxVHDXSLDvWHUa7BGj75uuh85TE="
/ipv6 address add address=2a11:6c7:f03:123::2/64 interface=wireguard1 /ipv6 route add dst-address=2000::/3 gateway=wireguard1
/ipv6 nd set [ find default=yes ] interface=bridge mtu=1420 /ipv6 address add address=2a11:6c7:2001:5301::/64 advertise=yes interface=bridge
My IPv6 tunnel adventures are coming to an end... Still, I'd like to see Salzburg AG offer native IPv6.
posted at: 20:14 | path: /configuration | permanent link
RFC9460 is about "Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)". The idea is to signal to web browsers that the connection to the server shall be encrypted (similar to HSTS), as well as HTTP protocol preferences: HTTP/3 (QUIC), HTTP/2, fallback to HTTP/1.1. The protocol handshake can thus be performed quicker. The SVCB records allow configuration for load balancing, failover, encrypted ClientHello support, etc.
The proposed DNS record looks as follows:
example.com. IN HTTPS 1 . alpn="h3,h2" ipv4hint="23.209.46.91" ipv6hint="2600:1413:b000:13::b857:c185"ALPN indicates for protocol preference and fallback. The IP hint may speed up connection performance. In particular when a different "target" is to be used (here it's just ".").
More here.
posted at: 16:20 | path: /configuration | permanent link
