I upgraded the OpenSSL version to get rid of the nasty bugs that Debian accidentally introduced. This also coupled with a kernel message, and various sources told me it was a good idea to reboot after the SSL upgrade (just to make sure), and decided to bite the bullet.

In this upgrade, PHP was upgraded to 5.2.6, ClamAV was upgraded, the kernel was updated, OpenSSL/SSH/etc too.

Let me know if there are any problems.

Pop the champagne, throw on your evening gown, get this party started. We've just released the very first packaged "plan" for hosting, and boy howdy is it exciting.

For those who are interested in basic web hosting specifically for blogging, We've got the plan for you.

For only $3.00/mo, you can get 300Mb of space, FTP access, a pre-installed Habari blog (Packed with fantastic themes and plugins), a free E-Mail account (or forwarder), AND the option of getting a custom-made blog theme from a professional designer.

This might not seem like much, but combine that with the quality of Itrebal Webhosting, its flexibility, and its support, and you get a smokin'-hot deal thats ripe and ready to eat.

There was a pretty nasty bug discovered in the Linux kernel version I was using that allowed those with SSH access to create a program that escalated their privileges and allowed them to take control of the server. I've upgraded the kernel and resolved the issue successfully, with a very minimal amount of downtime.

Information regarding the exploit: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953

Only one day after the release of PHP 5.2.5, I've updated PHP to it. There shouldn't be any issues regarding it. If there are, let me know.

Graham

All of the email services should fully support SSL/TLS now.

If you would care to use it, simply connect to itrebal.com as the server.

Graham

I upgraded PHP from 5.2.3 to 5.2.4 this evening. Everything appears to be working as expected, if there are any problems - let me know.

Graham

I bought an SSL certificate that has been installed. I've set it up so that https://itrebal.com will give you the same content as http://tools.itrebal.com - I realize that this is unconventional, but I figured I'd set it up so you don't have to send as many passwords over clear-text.

Graham

Today I disabled Spam Assassin, Greylistd, clamav, and several other things in my mail server. Instead I've replaced them with a system called ASSP: Anti-Spam SMTP Proxy. Basicly it runs all those things before the server accepts the email, therefore cutting down on disk space/computational time wasted/etc. It should be quite an upgrade, and should further decrease the amount of spam you receive. Because it denies spam right at the SMTP receive level, it has the potential to remove your email address from spam databases.

Graham

I'm going to be out of town starting tomorrow. I'll have access to email and this blog throughout and so I'll be able to keep everything running up to par. If you need anything urgent, email remi@wolerized.com and he has permission to maintain the server.

Graham Christensen

First off, I'd like to extend my deepest apologies for this evening's extended downtime. It was a combination of poor planning and execution that led to the downtime, and it shouldn't happen again.

It started out with a RAM upgrade from 512MB to 1GB today. My kernel happened to be old and not support 1GB of RAM, and so I needed to upgrade. I found the proper kernel in the apt-get repositories and installed it, all smoothly. After I had installed the new kernel I typed 'telinit 0' (shutdown)instead of 'telinit 6' (restart). Normally this wouldn't be too big of a problem: it would shut down and then I would go to the Remote Reboot panel, type in my password and reboot the machine. Unfortunately I couldn't remember my password for the remote reboot panel, so I requested a new password. This, of course, was tied to my email account hosted on the machine that was, of course, not running at the moment. At that point I emailed tech-support to have the machine booted up from their end of the connection. That worked, and now everything is working as expected.

My deepest apologies,
Graham Christensen

Four days ago I performed a system upgrade from Debian Sarge to Debian Etch, providing more up-to-date and secure software for your consumption. This upgrade involved a system reboot for the kernel, and unfortunately I'm going to have to take it down for a little bit shortly.

To keep up with demands on my server I'm going to upgrade the available RAM in the system from 512MB to 1GB. I'm planning on having this executed on Friday the 27th at 17:00 GMT. This will give more room for the applications you all have requested to breathe and function more effectively. If you have any problems with this time, please let me know in a comment and I'll try to work around it.

The FTP errors have been resolved thanks to the help of Remi_Woler on Freenode. I stopped using ProFTPd and installed Pure-FTPd from source, and set it up similarly to the previous setup. It should be all working as of this post, if not - let me know.

This fixed a common problem of random timeouts and things, we'll see.

I ordered Exim: The Mail Transfer Agent from Half.com, so I can learn more about The Beast.

If you couldn't tell already, Exim (or any mail server, for that matter) isn't my strong point and it has become one big mess. The configuration files are all a jumble, and I could barely figure it out by following step by step instructions where I needed to stray from the directions.

I'm going to mirror the setup locally here and test it out before I move it to the main server, so don't worry too much, but anticipate better email service. Possible improvements include a webmail front-end.. we'll see.

This all started when I was trying to figure out how to fix the problem I've been having with Google. Since many domains have multiple mail servers, it would be difficult to catch them all. I struck up a conversation with Trii from Freenode about it, and he suggested SQLGrey, a similar implementation that will automatically detect mail servers from the same domain and allow them as valid re-tries. I wanted to try to implement this, but the Exim configuration was quite overwhelming and messy. I'm going to try to clean it up and resolve this.

Graham

I've setup Greylistd to cut down on spam. It works like this:

When an email from an unknown email address sends mail to the server, it tells the server there was a temporary failure and writes the email to a db of some sort. A properly constructed email server will try again a moment or two later, resulting in the greylistd server permitting the mail, and any subsequent to pass through. A "standard" spam server won't try to resend the email resulting in the email not being put through.

This has been having minor problems with multiple outgoing SMTP servers, as when the first one fails it passes it over to the next one to try again. The server switch changes the IP and doesn't confirm the email address with Greylistd. Google is the biggest issue with that, and I've whitelisted *.google.com.

If you have any problems or concerns, comment or email me at graham.christensen@itrebal.com.

Graham

Recently errors have been coming in regarding FTP access via a PASV connection. I've researched the issue and have discovered its cause.

The configuration file for ProFTPd was missing a directive to limit the PASV ports to 60,000 - 65,535 instead of 1024 - 65,535. The ports from 1024 - 60,000 have been blocked for security reasons and therefore connections were not successful. The line has been added back, and it should be working just fine.

If you still have errors, comment to let me know or email me at graham.christensen@itrebal.com.

Graham