thejoker8814

joined 1 year ago
[–] thejoker8814 8 points 8 months ago (8 children)

I’m curious, you got anything light reading you can recommend to ease into the topic, please pm me. I’d appreciate, if it wasn’t another post which basically recites the content of another post, and so on - far too much out there these days)

[–] thejoker8814 1 points 1 year ago (1 children)

Don’t get me wrong, just needed to verify that it might be a tool to evaluate.

I had a first try yesterday, but something with my existing SSH .config didn’t work, when I tried to add some “connections”. Is there a logical reason, why Xpipe forces a connection to be established, before adding it in the “search connections” - for me they fail, because I exclusively use key-based SSH auth, but I load my keys on the fly from KeePassXC when I need them, not before.

Nice to see a modern and snappy Java application for a change.

[–] thejoker8814 1 points 1 year ago

Also more like a service, than a self-hosted software.

smtp2go.com - I use it for smtp sending, but they also provide an API (which seems to be REST). 1000 emails per month are free - just slide the email volume down to 1k and you can sign-up for free.

They also have setup SFP and DKIM and reputable IPs for sending, which all helps to get e-mails delivered reliable. If you also add DMARC to your sending domain, you won't end up in any spam-folder.

Small bonus, easy to use link tracking and unsubscribe links can be inserted.

[–] thejoker8814 1 points 1 year ago (3 children)

@[email protected] First of all - thanks for sharing it! 😍 Just a quick question, after I took a first glance - it is just a management tool application which abstracts the use of CLI management tools like ssh, ssh-keygen, podman, etc... and consolidates it into a single UI, right? - So it is not just "another" service to host, correct?

[–] thejoker8814 10 points 1 year ago (1 children)

I cannot recommend any consumer router brand, at least not with stock firmware, because any of them don’t have guaranteed update policy. Further, some of the stock firmware contains insecure protocols, like telnet (yes, still), outdated ciphers (SSL, TLS 1.0), and some feature you want is always missing. Further they often lack innovative features like WireGuard in updates, mostly bug fixes and security patches.

That’s why I would urge you to consider using one of the router/ gateway distributions listed below.

Depending on your requirements, I can recommend the following router OS:

  • OpenSense (router without WiFi)
  • OpenWRT (router with WiFi)

If you have an old laptop or pc to spare, you could at least give those two a try.

Someone already mentioned it, OpenSense runs only on x86 / PC Hardware (and MiPS). OpenWRT can be flashed onto a lot of consumer routers as well as be installed on traditional x86 / PC hardware.

OpenWRT has a hardware table on their website for supported models. Some of them come cheap if you buy them used and are pretty decent.

If you like more flexibility, I can recommend building your own router. Used thin clients, Iike for example Fujitsu Futro S920. Thin clients are basically low-powered PCs, which are often cheap on the used market and provide a variety of hardware interfaces. Most use Intel NICs, some have secondary NIC, can hold SATA disks, provide interfaces for WiFi (pice, miniPCIe, m.2) or extension cards, have high efficient power supplies and are in majority are passive cooled. Or get some SBC/ Low-Powered board with the interfaces you need. It doesn’t need to be new hardware.

[–] thejoker8814 4 points 1 year ago

Please don’t host a router on a Hypervisor VM. That does not benefit security. First of all a router is an integral part of the (home) network, therefore it should not be dependent on anything, like a hypervisor. You want to be able to replace or update your server/ hypervisor independently from each other, for example in 5 hrs your router might be still rocking all data, but you would want to upgrade your home server / hypervisor. Furthermore all those OpenWRT, PFsense, OpenSense kernel/ OS hardening is more effective on the hardware itself, especially all RAM/ Memory based security measures. Also if you truly want to be more secure, you use dedicated hardware for multiple reasons, performance is dedicated to only routing/ firewall processing (no other service/ VM can block or slow down packet processing), reducing the attack surface (less software, less attack surface), easier to update.

[–] thejoker8814 3 points 1 year ago

Many given good advice on hardware, and there are plenty other threads with a lot of good recommendations.

Regarding OS, I would recommend to ease into it, and try some before committing. Just try a few services, how stable it is and if the configuration complexity meets your personal learning expectations. (Self hosting is only fun, as long as you can get everything up and running. If you need 36hrs of troubleshooting for every 2nd problem, that awe for elf hosting melts pretty fast.)

I started myself with OMV 0.x, and since then it’s gotten pretty decent. But I switched to plain Debian and CLI tool. After learning enough using OMV as my starting point. I also tried FreeNAS in the beginning, but that wasn’t for me.

And I recently discovered CasaOS, wich is pretty neat and has a lot of benefits, but I haven’t tested it yet.

[–] thejoker8814 1 points 1 year ago (1 children)

Very interesting, do you have any source or references that springs to your mind? I have emergency SOS enabled, but it never happened to me that it has been falsely triggered. And I can’t imagine many scenarios were it would be.

[–] thejoker8814 1 points 1 year ago

Was signed up there as well, when they started like years ago. But I couldn’t get back into their free tier.

[–] thejoker8814 1 points 1 year ago (1 children)

My bad, I meant SPF record.

I have some issue with just that, all emails will end up in a spam filter (if your mail provider is thorough). Also your IP might end up on a public spam/ block list. To much to go wrong, in case some alerts need to reach me.

Plus I use a strict DMARC, so at least a correct SPF is needed.

I’m using postfix on my machines, all services send to it and it just to relays via a SMTP service. So only one point to configure.

I was specifically looking for the last part, a SMTP relay service.

[–] thejoker8814 1 points 1 year ago

It sounds very promising.

Thanks. I really appreciate all those “niche” products. With just web research I wouldn’t have found it.

 

Hi there,

what SMTP relay's / services do you use or can recommend for sending monitoring alerts.

I'm running a few services, but mostly all my custom scripts, and tasks are configured to sent an e-mail if something goes "off-script". Before I used my gmail account - but I'm in the middle of migrating away, and my requirements have evolved.

I've searched but I haven't found anything good. Services like Mailgun, Mailtrap etc. are nice - but their bundle's are a bit much for my taste.

The service/ relay should meet the following requirements.

  • bring your own domain (use your own domain/ or sub-domains as sender address)
  • must have DKIM (anything else is not a serious service!)
  • support SMTP via TLS
  • support multiple SMTP clients, with each different credentials/ secrets
  • Allow custom header/ envelope changes

At the moment I'm looking at Amazon SES, because I don't expect a lot of messages (I had 3 alerts in the last 1,5 yrs).

view more: next ›