

Yeah I know, I just don’t really care about that traffic to bother changing it :) Also, I’m talking about a server hosted on Hetzner, so I feel like it’s scanned a lot.
I get what you say, and you’re definitely not wrong to do it. But as I see it, you only saved ~80Kib of ingress and a few lines of logs in the end. From my monitoring I get ~5000 failed auth per day, which account for less than 1Mbps average bandwidth for the day.
It’s not like it’s consuming my 1Gbps bandwidth or threatening me as I enforce ssh key login. I like to keep things simple, and ssh on port 22 over the internet makes it easy to access my boxes from anywhere.
Congratulations! A mail server is quite demanding in terms of initial setup, but it’s also very rewarding!
Here are a few pointers I can give you:
ip4:<ipv4> and/or ip6:<ipv6> selectors for SPF

This should greatly limit your likelihood of ending up in spam folders (which is usually the hardest part about running your mail server).
For config files, I use tarsnap.
Each server has its own private key, and a /etc/tarsnap.list file which lists the files/directories to back up on it. Then a cronjob runs every week to run tarsnap on them. It’s very simple to back up and restore, as your backups are simply tar archives. The only caveat is that you cannot “browse” them without restoring them somewhere, but for config files it’s pretty quick and cheap.
For actual data, I use a combination of rclone and dedup (because I was involved in the project at some point, but it’s similar to Borg). I sync it to backblaze because that’s the cheapest storage I could find. I use dedup to encrypt the backup before sending it to backblaze though. Restoration is very similar to tarsnap:
dup-unpack -k keyfile snapshot-yyyymmdd | tar -C / -x [files..] .
Most importantly, I keep a note on how to backup/restore: Backup 101
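A sketch of the weekly list-driven tarsnap job described in the comment above, as an added example that is not the commenter's own script. The list format (one path per line, `#` comments), the archive name and the `LIST`/`TARSNAP` overrides are assumptions; the job refuses to run when a listed path is missing, so a typo cannot produce a silently incomplete backup.

```shell
#!/bin/sh
# Added example: weekly config backup driven by a path list.
# Assumed: list format, archive naming, LIST/TARSNAP override variables.
# The per-server key is taken from tarsnap's own configuration (keyfile).
LIST="${LIST:-/etc/tarsnap.list}"
TARSNAP="${TARSNAP:-tarsnap}"   # set TARSNAP=echo for a dry run

# Print the usable paths from the list file given as $1.
# Blank lines and '#' comments are skipped; a missing path is an error.
list_paths() {
    rc=0
    while IFS= read -r p || [ -n "$p" ]; do
        case "$p" in ''|'#'*) continue ;; esac
        if [ -e "$p" ]; then
            printf '%s\n' "$p"
        else
            echo "missing: $p" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# One archive per host per run, e.g. myhost-config-20240107.
archive_name() {
    printf '%s-config-%s\n' "$(uname -n)" "$(date +%Y%m%d)"
}

# Validate the list, then create the archive from it (-T reads names from a file).
run_backup() {
    tmp=$(mktemp) || return 1
    if list_paths "$LIST" > "$tmp" && [ -s "$tmp" ]; then
        "$TARSNAP" -c -f "$(archive_name)" -T "$tmp"
        rc=$?
    else
        echo "refusing to back up: bad or empty $LIST" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Called from cron as "<script> run"; sourcing the file only defines the functions.
if [ "${1:-}" = run ]; then run_backup; fi
```

A non-zero exit from cron is the signal to check the list before the next weekly run.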
A VPN is easy to set up (and I have it set up by the way), but no VPN is even easier. SSH by itself is sufficiently secure if you keep it up to date with a sane configuration. Bots poking at my ssh port is not something that bothers me at all, and not part of any attack vector I want to be secure against.
Out of all the services I expose to the clear web, SSH is probably the one I trust the most.