Zuper-quick post for when this bites me again in the future!

Tonight I upgraded from Zentyal 6.2 to Zentyal 7.0. Smooth as butter, everything went great.

Until I logged in, and my shiny Actual Paid Money SSL certificate had vanished, replaced by a self-signed commoner's certificate. Piffle.

Instructions for installing a custom SSL certificate in Zentyal are actually kinda shaky, so here you go:

cd /var/lib/zentyal/conf/ssl/
mkdir old
mv * old
nano ssl.key
nano ssl.cert
cat ssl.cert ssl.key > ssl.pem
chmod …

Turns out this is my third Amavis article. I guess it's just one of those systems.

Heads up, if you're trying to do this, make sure you also read my other article about the "banned_files_lover" thing.

Today I'm on a mission to: 1. Drop all incoming Office '97 files (they're predominantly malicious these days) 1. Drop all incoming Macro-enabled Office 2007+ files (there aren't legitimate reasons to receive these in my scenario) 1. Drop any emails containing a .onion address 1. Drop any emails containing a bitcoin wallet

Dropping Attachments …

About 7 months ago, I left Nginx and moved to Caddy. I've found it super easy, and have now experienced using it as a reverse proxy, a static site server (this one!), as well as a hosting a handy place for me to copy my favourite Kaomoji.

Update 2021-01-20: I had a bug! By default, Caddy serves this without a Content-Type header. However, the RFC specifies that the response should be explicitly Content-Type "text/plain". Thanks to klausenbusk for letting me know!

Note: the Caddyfile fragment to generate https://shrug …

TrueNAS, and FreeNAS before it, has supported UPS via the NUT software package since forever. But most people using it seem to be using USB-connected UPS devices. I don't have one of these. I'm dealing with an IPv4-based APC ups, specifically the Smart-UPS X 1500 (SMX1500RMI2UNC), with an AP9631 NMC2 card.

You're probably here because you're in the same boat: trying to set up a non-USB or Ethernet-based UPS under FreeNAS/TrueNAS, and you can't. You've noticed the TrueNAS console will not shut up about errors which read something like …

Inkbird were having a special in November, so I got a sous vide for Christmas! There are heaps of places with recipes for the best sous vide eggs, most notably the always-outstanding Serious Eats, but also an excellent write-up on Salt Pepper Skillet, and of course sous vide manufacturer Anova Culinary with a somewhat briefer post.

I submit to you that none of these are the best sous vide eggs. In my eyes, the best egg has a completely opaque white (not rubbery and not snot), with a semicooked gooey …

Logs of your client DNS queries can be a really good tool for incident response. I've finally got this implemented but it was much more of a struggle than I expected it to be, so here's my story!

We've got a pfSense firewall running as a DNS fowarder, and a Zentyal server running BIND9 as the authoritative local server. The firewall rules block all UDP/53, so all DNS queries go either directly to the firewall, or (more commonly) to the Zentyal server for resolution. This means we have two …

I've loved daal (or dal or dahl or dhal etc) since my trip to India in 2019... Ugh, that seems so interminably long ago now, in the final weeks of the long decade of 2020. Anyway.

So there's this recipe I've followed a handful of times. I like it, it's similar to what I enjoyed while travelling through Jaipur, but it doesn't really kick the same way that the food in India did, so I always find myself tweaking it. The base recipe came from https …

I really like iRedMail, and I also really like Lynis.

However, they don't exactly like each other... or, more accurately, some of Lynis' recommendations can cause a couple iRedMail components to fail. Today we're talking about SpamAsassin.

One of the suggestions from Lynis is to turn off the 'execute' bit on compilers for users who aren't either the owner or in the owner group (the 'other' execute bit). For example:

root@server:/# chmod o-x /usr/bin/as
root@server:/# chmod o-x /usr/bin/gcc

Easy peasy! But once you do …

If you've been running iRedMail for a while, eventually you'll probably start seeing 'user unknown' events in your daily logs:

* Backup all users' data under /var/vmail/backup/sogo/2020/11/01
<0x0x5574a64c36b0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
<0x0x5574a64c36b0[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
2020-11-01 09:29:12.784 sogo-tool[29749:29749] user 'abdulm' unknown
2020-11-01 09:29:12.786 sogo-tool[29749:29749] user 'bent' unknown
2020-11-01 09:29:12.786 sogo-tool[29749:29749] user 'brettr' unknown
2020-11-01 09:29 …

A couple of months ago, the team at my day job asked me to write something for Mental Health Awareness Week, so today I'm sharing some of my personal experiences around depression. It's one of my longer articles, but the key message I want you to hear is: If you're struggling, speak with someone. Seriously, just lean over to your mate now and say "Hey, did you see that article from Eric today?" – that's all it takes to start a conversation, and believe me: sharing your feelings is a solid …