Blog

Email commonly includes the sender’s address in two places. The From header in the message body is the one that most people are aware of, and this is the address that email recipients see. However, the sending mail server also adds a Return-Path before the message body. Recipients don’t generally see this address, but it is important for two reasons. First, it is used in a number of anti-spam checks. Second, it’s the address that typically receives non-delivery reports if a message can’t be delivered for any reason.

Here’s how to set up a VPN that has all these features:

• Works natively on iOS and macOS
• Doesn't require you to manage certificates or keys
• Automatically connects when your device is online

It should also work on Windows*, and Android via the StrongSwan app, but I haven’t tested it. Please post about your experiences using this guide with other devices in the comments!

MySQL has supported TLS for TCP/IP connections for some time now, but there are a number of subtleties involved in getting it working. If you need to allow remote access to your databases, you really ought to be using TLS to protect your login details and any confidential data that might be transferred. Here are the various steps required to enable TLS in MySQL on Debian and Ubuntu. Note that MySQL still refers to everything as SSL, but it’s more correct to call it TLS as SSL is deprecated these days. The same instructions also ought to work for MariaDB.

At some point in the last few months, ProFTPd stopped working on several of the servers we maintain. Since it was working before, we didn’t change any of the configuration files, and it stopped working on several servers independently, I’m guessing that this was due to a change in the default config of ProFTPd, or at least the Debian Jessie version of ProFTPd. There’s an easy workaround but not a real solution at time of writing.

There is a lot of conflicting advice out on the internet about how best to construct an email with attachments using standard Python libraries. None of it explains why to do things in certain ways. Here is a definitive, tested bit of code that will create an email with attachments that will work correctly. I’m posting it here so I don’t need to spend any time working it all out again!

In this post, I describe how to install and configure mailman for a virtual host on a Debian Jessie server using Apache, Postfix and SpamAssassin. Instructions on how to do this are in various places on the internet, but I didn’t find anywhere that collected all the different pieces together. These instructions should also work for Ubuntu.

Windows versions prior to Windows 8 cannot view the content of CD/DVD images such as .iso files without the use of an external program. A long time ago I used to use a free program called Daemon Tools to open/mount CD image files. Nowadays there are several alternatives out there, but nearly all of them seem to have issues on Windows 7. Old versions of Daemon Tools don’t work. Newer versions allegedly include browser toolbar spyware, as do most other free alternatives.

Here’s how to encrypt a single file using a password and a salt:
openssl aes-256-cbc -salt -in filename -out filename.enc -base64
Type a strong password when prompted.

Here’s how to decrypt the same file:
openssl enc -d -aes-256-cbc -a -in filename.enc -out filename
You’ll need to re-enter the passwod that you used to encrypt it.

If you want to encrypt multiple files, combine them into a tar or zip archive before encrypting them.

Building a small Linux cluster is a lot simpler than I thought it would be. That said, there are a number of snags and pitfalls along the way, and it’s hard to find a comprehensive and up to date set of instructions online. There are also different approaches, either doing everything manually or using a system such as LTSP. This post describes my experiences setting up a cluster manually.

After spending a long time trying to work out why some pings were randomly dropped between hosts on different segments of a virtual LAN connected by a transparent IPsec VPN tunnel, I discovered that the MTU for the underlying connection on both ends of the VPN should be set the same. The default for ADSL is usually 1492, whereas 1500 is frequently used for other connection types such as cable or fibre. When I changed the settings at both ends to 1442 (allowing some overhead for IPsec) then the random ping loss stopped.