Una tecnica per prevenire un po’ di spam e’ quella di usare delle liste di IP blacklistati e piu’ precisamente le RBL (Real-time Blackhole List) o DNSBL. Avevo gia’ parlato di come usare i filtri bayes di Spamassassin, questa invece e’ un’altra soluzione meno invasiva per il sistema e molto piu’ semplice da usare, ovviamente e’ possibile (anzi e’ meglio) usarle entrambe.

In this post, I include a script that can generate Self-signed X509 certificates (for use with https for example) with several names for the server. This is required because the certificate exchange is made on a lower level than the protocol exchange. For example, Apache can deliver to different domain names, but only one certificate can be used because it is asked before the domain name negotiation. So aliases must be included in the certificate or warnings are printed to the user.

So here is the script. Just run it with the main name for the server in first place, and the other names after it.

Do not hesitate to change the default values in the auxiliary and mandatory openssl-conf.cnf file.

The Exim 4 source code supports authentication with SASL since version 4.43. Debian started enabling this feature in exim4_4.50-2. After I’ve had upgraded to that version and replaced my saslauthd authenticators with brand-new cyrus_sasl authenticators, I’ve noticed that auth.log got flooded with entries like ‘exim4: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory.’

I’ve recently changed my network connection at home to a provider which assigns dynamic addresses. Exim always provided a broken HELO/EHLO name to my smarthost since then because my externally visible hostname changes each time I connect. I’m now using Exim’s Perl interface to lookup the assigned hostname when connecting my smarthost: