Re: [DNG] meta: list
On 9/9/22 3:24 am, Simon Hobson wrote: Marjorie Roome via Dng wrote: I configure strict postfix rules that incoming mail should have a reverse DNS. I find grey-listing to be by far the most effective spam blocker. I use postscreen rather than grey-listing. It does much the same delay function as grey-listing but also does timing and protocol violation checks https://www.postfix.org/POSTSCREEN_README.html https://www.linuxbabe.com/mail-server/configure-postscreen-in-postfix-to-block-spambots It does require a few minutes thinking about your master.cf structure, but that's a good thing anyway. -- Jeremy OpenPGP_signature Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] update error
'$ apt update' wrote on Thu 08 Sep 2022 08:57:21 PM CEST: > An error occurred during the signature verification. The repository is > not updated and the previous index files will be used. GPG error: > http://pkgmaster.devuan.org/merged chimaera InRelease: The following > signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository > (Amprolla3 on Nemesis) https://www.devuan.org/os/packages wrote Thu 08 Sep 2022 08:58:17 PM CEST: > To use deb.devuan.org, you must have devuan-keyring version > 2022.09.04 or higher. '$ dpkg -l *devuan-keyring' wrote on Thu 08 Sep 2022 08:58:26 PM CEST: > ii devuan-keyring 2017.10.03 '$ cat /var/log/apt/history.log' wrote on Thu 08 Sep 2022 09:02:34 PM CEST: > Start-Date: 2022-09-07 19:47:08 > Commandline: /usr/bin/apt-get upgrade -y -q > Upgrade: [...] Dear currently so silent list: Something seems wrong... is it just that I missed to /pgkmaster/deb/ in my sources.list? libre Grüße, Florian -- \ \\ \ \ | | / \ | ils sont | | brainfrickin' FOUS | |ces romains!| \__/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6
Curtis Maurand wrote: > I think this is all great right up until you need a fixed address for > something like a mail server or a web server. That is no more of a problem with IPv6 as it is with IPv4 - if you have a “poor quality” ISP that doesn’t do fixed addresses then you have a problem with anything that needs a fixed(dish) IP. > So far, I've found IPV6 to be unreliable. In what way ? I’m not currently running IPv6 at home as I’ve not got round to reconfiguring the network to use my own (pre-systemd Debian, Linux VM) router, and the ISP supplied router doesn’t have the option to forward (IIRC) GRE needed to make my HE tunnel work. But in the past when I have had IPv6 running, it’s worked fine. I didn’t run my email over IPv6 for the simple reason that at the time, there was one element of my software stack that didn’t fully cope with it. Again, not found time to update everything - I believe that one issue was fixed a while ago. Going back probably around 10 years, I enabled IPv6 on our office network and waited to see if anyone noticed - no-one did, and we didn’t start experiencing new problems. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Marjorie Roome via Dng wrote: > I configure strict postfix rules that incoming mail should have a > reverse DNS. Ah, we’re talking two different checks. I too reject connections if there’s no reverse DNS, but ideally that reverse DNS should forward resolve to a list (one or more IPs) containing the IP of the connecting device. It’s this latter bit that people seem too incapable of getting right. But while rejecting “no reverse DNS” does block a lot, there is a lot of spam that comes from addresses that have generic reverse DNS entries - many ISPs have reverse DNS setup for their customer IP ranges along the lines of a-b-c-d.dynamic.ispname.net. I find grey-listing to be by far the most effective spam blocker. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Seeking professional mentor (was Re: meta: list)
>On Thursday, September 8, 2022, 04:35:35 a.m. PDT, Steve Litt > wrote: >> Would anyone have the infrastructure to help us less advantaged FOSS >> advocates >> who got trampled on by big tech and the pandemic with the appropriate email >> address >> to stay involved in the discussion if this experiment happens? >I don't understand the preceding question. To explain: I used to run a small solo FOSS advocacy project where I recycled computers and gave them away to kids and non-profits and taught them some basic digital literacy skills. I did about 200 on my own. In a heavily Microsoft-centric community. Should I explain what the impact was on my small business here? I hope not. I've since retrained with a better CS skill-set and wrote my LPIC-1 certification to go with my work, but the pandemic put me homeless in an RV instead and dependent on a social support system that doesn't care that I took advantage of free online resources to build those skills and certainly does not care about FOSS. The original poster sounded like I would need to be running my own domain and email service to participate in your gmail resistance experiment. I don't have the means to do that on my own at this time. I *could* look up documentation to set up email service on my own, although I've not done that before. >> I just got here and I >> love it. I'd otherwise need a bit more time if all the wise old veterans are >> leaving to go >> somewhere else :) >Whoaaa! As far as I know, neither I nor anybody else was advocating changing or >abandoning THIS list. I would be very against that. I thought we were talking >about >an SMTP that would bounce gmail krap and not bounce DMARC, DKIM, OATH2 and all >the >other clutterment the big boys are using to try to marginalize email so their >walled >gardens have no competition. Perfect! As long as I've already stuck my foot in my mouth on list, is there anyone from the Devuan community that would like to help mentor someone into a new career as a system administrator? I've been very unhappy in other communities because I understand the problems big tech is causing and this place seems to share my values. I feel really at home here. I finally got around to installing Devuan on bare metal to use as my main system and I really like design choices that have been made. I come from this little minimalist Debian based system called Crunchbang and have been rolling my own from scratch since it was discontinued. It was very easy and comfortable to do this with Devuan as well. It's also been really nice to be reading posts on a mailing list with veterans who know what they are doing. It would be awesome if someone from this community had just the bare minimum of time to help me figure out how to get back to work using a system like this that I feel comfortable using both on technical and ethical levels. If anyone has suggestions at all that could help me feel, free to respond in whatever way feels best for you. In any case, thanks so much to this community for building such a rocking system for me to get work done on! I love it! Warm Regards, Jason Jason Kinney Ethical Technologist Surrey, BC, Canada jkinney23 at yahoo.ca ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan.org signature problem
On Thu, Sep 08, 2022 at 08:53:01PM +0100, Antony Stone wrote: > On Thursday 08 September 2022 at 19:52:20, Joel Roth via Dng wrote: > > > Hi list, > > > > Upgrading a machine to daedalus, apt-get update returns this error: > > > > W: GPG error: http://deb.devuan.org/merged daedalus InRelease: The > > following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan > > Repository (Amprolla3 on Nemesis) > > > Is this easily resolved? > > See https://lists.dyne.org/lurker/message/20220903.172703.1050aabb.en.html > and > https://lists.dyne.org/lurker/message/20220903.173401.2043605d.en.html Thank you. This does the trick. > Antony. -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan.org signature problem
On Thursday 08 September 2022 at 19:52:20, Joel Roth via Dng wrote: > Hi list, > > Upgrading a machine to daedalus, apt-get update returns this error: > > W: GPG error: http://deb.devuan.org/merged daedalus InRelease: The > following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan > Repository (Amprolla3 on Nemesis) > Is this easily resolved? See https://lists.dyne.org/lurker/message/20220903.172703.1050aabb.en.html and https://lists.dyne.org/lurker/message/20220903.173401.2043605d.en.html Antony. -- Python is executable pseudocode. Perl is executable line noise. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] devuan.org signature problem
Hi list, Upgrading a machine to daedalus, apt-get update returns this error: W: GPG error: http://deb.devuan.org/merged daedalus InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) E: The repository 'http://deb.devuan.org/merged daedalus InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Is this easily resolved? I'd like to upgrade today, securely if possible. Thanks -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] installation images
On Thu, 2022-09-08 at 12:29 +0100, Peter Duffy wrote: > On Thu, 2022-09-08 at 21:21 +1000, Ralph Ronnquist wrote: > > On Thu, Sep 08, 2022 at 11:46:50AM +0100, Peter Duffy wrote: > > > I assume that at some point, the installation iso images are > > > going > > > to > > > be rebuilt to include the new devuan-keyring package? Until this > > > is > > > done, a devuan install can only be completed by using the > > > wget/chroot/dpkg kludge. > > > > > > Given LP's move to M$, there's probably more interest than usual > > > in > > > devuan and other non-systemd distros at the moment - so maybe > > > this > > > needs doing quite urgently. > > > > > > I did manage to rebuild the chimaera netinstall image with the > > > new > > > devuan-keyring package yesterday (I needed to install several > > > chimaera > > > VMs, and it was an interesting challenge). The new image appears > > > to > > > work (install on a virtualbox VM completed without a problem, and > > > the > > > VM booted fine). If it would be helpful, I'm happy to give > > > details > > > of > > > how I did it - but I'm conscious that although it seems to work, > > > my > > > new > > > image is probably slightly different from the original, and I > > > don't > > > want to muddy any waters. The best by far would be to have new > > > images > > > available, built using the standard process. On the other hand, > > > it > > > might be good for the process of generating debian/devuan > > > installation > > > images to be more widely known (there doesn't seem to be a lot of > > > information on the web about it, and what there is seems mostly > > > to > > > be > > > out-of-date and/or broken). > > > > To build a chimaera netinstall, the following command sequence > > might > > work: > > > > $ git clone https://git.devuan.org/devuan/installer-iso.git > > $ cd installer-iso > > $ TRIAL=yes ./build-sudo chimaera netinstall 4.2.meown > > > > You obviusly need sudo, or you may run it as root. > > > > That scripting will firstly debootstrap a chimaera installer > > building > > hosting filesystem, then chroot into that for the actual iso > > building. > > The resulting ISO ends up at chimaera.$ARCH.fs/installer-iso/ with > > the > > name of netinstall-$ARCH.iso. > > > > I'm doing like that so it must work the same for everyone ;) > > > > Ralph. > > Thanks for that - I was hoping that the tools to do this were > generally > available. I'll give it a try. > That worked fine - the image built successfully, and an install from it on a virtualbox VM was also successful. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu, 2022-09-08 at 11:29 +, jkinne...@yahoo.ca wrote: > Would anyone have the infrastructure to help us less advantaged FOSS > advocates > who got trampled on by big tech and the pandemic with the appropriate email > address > to stay involved in the discussion if this experiment happens? I don't understand the preceding question. > I just got here and I > love it. I'd otherwise need a bit more time if all the wise old veterans are > leaving to go > somewhere else :) Whoaaa! As far as I know, neither I nor anybody else was advocating changing or abandoning THIS list. I would be very against that. I thought we were talking about an SMTP that would bounce gmail krap and not bounce DMARC, DKIM, OATH2 and all the other clutterment the big boys are using to try to marginalize email so their walled gardens have no competition. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Would anyone have the infrastructure to help us less advantaged FOSS advocates who got trampled on by big tech and the pandemic with the appropriate email address to stay involved in the discussion if this experiment happens? I just got here and I love it. I'd otherwise need a bit more time if all the wise old veterans are leaving to go somewhere else :) Thanks! Jason On Thursday, September 8, 2022, 03:48:19 a.m. PDT, Steve Litt wrote: On Thu, 2022-09-08 at 10:29 +0200, marc wrote: > > I am considering starting an admin list, where one can only > subscribe with an address starting with admin@... and > perhaps only one admin@... per IP. I suggest a name other than admin@, because people are probably using admin@ for other purposes already. Maybe something like cleanmail@. I could subscribe with cleanm...@troubleshooters.com . I deleted your rant, but see a lot of value in your rant and would like to participate in your experiment, if you do it. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] installation images
On Thu, 2022-09-08 at 21:21 +1000, Ralph Ronnquist wrote: > On Thu, Sep 08, 2022 at 11:46:50AM +0100, Peter Duffy wrote: > > I assume that at some point, the installation iso images are going > > to > > be rebuilt to include the new devuan-keyring package? Until this is > > done, a devuan install can only be completed by using the > > wget/chroot/dpkg kludge. > > > > Given LP's move to M$, there's probably more interest than usual in > > devuan and other non-systemd distros at the moment - so maybe this > > needs doing quite urgently. > > > > I did manage to rebuild the chimaera netinstall image with the new > > devuan-keyring package yesterday (I needed to install several > > chimaera > > VMs, and it was an interesting challenge). The new image appears to > > work (install on a virtualbox VM completed without a problem, and > > the > > VM booted fine). If it would be helpful, I'm happy to give details > > of > > how I did it - but I'm conscious that although it seems to work, my > > new > > image is probably slightly different from the original, and I don't > > want to muddy any waters. The best by far would be to have new > > images > > available, built using the standard process. On the other hand, it > > might be good for the process of generating debian/devuan > > installation > > images to be more widely known (there doesn't seem to be a lot of > > information on the web about it, and what there is seems mostly to > > be > > out-of-date and/or broken). > > To build a chimaera netinstall, the following command sequence might > work: > > $ git clone https://git.devuan.org/devuan/installer-iso.git > $ cd installer-iso > $ TRIAL=yes ./build-sudo chimaera netinstall 4.2.meown > > You obviusly need sudo, or you may run it as root. > > That scripting will firstly debootstrap a chimaera installer building > hosting filesystem, then chroot into that for the actual iso > building. > The resulting ISO ends up at chimaera.$ARCH.fs/installer-iso/ with > the > name of netinstall-$ARCH.iso. > > I'm doing like that so it must work the same for everyone ;) > > Ralph. Thanks for that - I was hoping that the tools to do this were generally available. I'll give it a try. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] installation images
On Thu, Sep 08, 2022 at 11:46:50AM +0100, Peter Duffy wrote: > I assume that at some point, the installation iso images are going to > be rebuilt to include the new devuan-keyring package? Until this is > done, a devuan install can only be completed by using the > wget/chroot/dpkg kludge. > > Given LP's move to M$, there's probably more interest than usual in > devuan and other non-systemd distros at the moment - so maybe this > needs doing quite urgently. > > I did manage to rebuild the chimaera netinstall image with the new > devuan-keyring package yesterday (I needed to install several chimaera > VMs, and it was an interesting challenge). The new image appears to > work (install on a virtualbox VM completed without a problem, and the > VM booted fine). If it would be helpful, I'm happy to give details of > how I did it - but I'm conscious that although it seems to work, my new > image is probably slightly different from the original, and I don't > want to muddy any waters. The best by far would be to have new images > available, built using the standard process. On the other hand, it > might be good for the process of generating debian/devuan installation > images to be more widely known (there doesn't seem to be a lot of > information on the web about it, and what there is seems mostly to be > out-of-date and/or broken). To build a chimaera netinstall, the following command sequence might work: $ git clone https://git.devuan.org/devuan/installer-iso.git $ cd installer-iso $ TRIAL=yes ./build-sudo chimaera netinstall 4.2.meown You obviusly need sudo, or you may run it as root. That scripting will firstly debootstrap a chimaera installer building hosting filesystem, then chroot into that for the actual iso building. The resulting ISO ends up at chimaera.$ARCH.fs/installer-iso/ with the name of netinstall-$ARCH.iso. I'm doing like that so it must work the same for everyone ;) Ralph. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu, 2022-09-08 at 10:29 +0200, marc wrote: > > I am considering starting an admin list, where one can only > subscribe with an address starting with admin@... and > perhaps only one admin@... per IP. I suggest a name other than admin@, because people are probably using admin@ for other purposes already. Maybe something like cleanmail@. I could subscribe with cleanm...@troubleshooters.com . I deleted your rant, but see a lot of value in your rant and would like to participate in your experiment, if you do it. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] installation images
I assume that at some point, the installation iso images are going to be rebuilt to include the new devuan-keyring package? Until this is done, a devuan install can only be completed by using the wget/chroot/dpkg kludge. Given LP's move to M$, there's probably more interest than usual in devuan and other non-systemd distros at the moment - so maybe this needs doing quite urgently. I did manage to rebuild the chimaera netinstall image with the new devuan-keyring package yesterday (I needed to install several chimaera VMs, and it was an interesting challenge). The new image appears to work (install on a virtualbox VM completed without a problem, and the VM booted fine). If it would be helpful, I'm happy to give details of how I did it - but I'm conscious that although it seems to work, my new image is probably slightly different from the original, and I don't want to muddy any waters. The best by far would be to have new images available, built using the standard process. On the other hand, it might be good for the process of generating debian/devuan installation images to be more widely known (there doesn't seem to be a lot of information on the web about it, and what there is seems mostly to be out-of-date and/or broken). ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Gregory Nowak was quoted by Simon Hobson: > > I have toyed more than once with the question of what would happen if > > a group of us running our own mail exchanges made the choice to > > reject mail from gmail.com with a 550? If a few of us did it, we might > > miss mail we maybe wanted to get. If a bunch of us did it, then a > > bunch of gmail users would complain to google. My guess is google's > > response would be "this is a free service; if it doesn't work for you, > > then don't use it.??? > > No, I'll tell you what Google's response will be : > > "Our system is working fine, the other system is broken". > Don't forget that this is a company that is quite happy to > simply change the rules on the basis that it's big enough that > the rest of the world will adapt. Look at the history of stuff > they've "just changed" because it suits them. Sticking > with email, they were one of the first to implement SPF > fully knowing that it would break most mailing lists and > mail forwarders around the world - and so most mailing lists > around the world had to update software & change setups to suit > Google's* new set of "how email is to work" rules. I know, > I had a customer facing mail server** and mailing list server. I am considering starting an admin list, where one can only subscribe with an address starting with admin@... and perhaps only one admin@... per IP. While I support the right of consenting adults to indulge in various risky behaviours, including bending over for surveillance capitalists, I'd like to think that a more selective list would lead to more worthwhile conversations. I am perhaps a bit unkind when I say we have reached the point where many people have been so captured by google and similar that a form of Stokholm syndrome has set in, and that useful conversation is often derailed with "but actually I like ads that are relevant to my interests", "the upgrade/feature treadmill is fun, and keeps us all safe/buying stuff" - and I regard the entire SPF/DKIM/DMARC/SRS/nonsense part of this. I remember the propaganda being that encrypted mail is too hard to implement, dear Barbie: And yet here we are - we now are supposed to have full on signatures in every mail, yet the keys aren't held by the user, and the mail isn't private, and google spams me anyway - WTF, where did we go wrong ? I suppose I am derailing things - but if you think the admin@ list is something worth doing, let me know (off list is fine too) regards marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng