MX Backup - Postfix Email Server

By far the most popular set of articles I have written is my Raspberry Pi Email Server tutorial. Clearly, there are plenty of people who don't like relying on freemail providers like Yahoo, Outlook and Gmail for a variety of privacy and security reasons. However, there is one major drawback of hosting your own email server: if your server is taken offline for maintenance, or your internet connection is interrupted, then incoming email can not be delivered and may bounce. This tutorial will describe how to set up another server to act as an MX backup. The backup server will be hosted on a separate internet connection with a different WAN IP address, and have a lower priority than your primary mail server in your Mail Exchanger (MX) DNS record. When your primary server is offline other MTAs will send email to the backup instead, and the backup will hold them until your primary mail server comes back online, and then deliver them. No more bounced emails. The biggest challenge when setting up a backup MX is convincing a friend or family member to allow you to run a RasPi or some other server on their network; the rest of the setup is a breeze compared to the full mail server installation described in the main tutorial, because fewer components are required (just Postfix). This guide is written for Debian and its derivatives (Raspbian, Ubuntu etc.) but since a basic postfix installation is more or less the same across different distributions you should be able to use it for any distro. My backup server runs openSUSE.

Local BIND9 Caching DNS Server

This tutorial will show you how to configure a caching BIND9 server on your local network, and configure an OpenWrt router to use it. This should result in slightly quicker DNS lookups, but to be honest, you may not notice a huge difference (my DNS lookups now take 30% less time, but I don't think this has made page loading noticeably faster). Here are a few situations where it could be particularly worthwhile:

  • You have a large LAN with lots of clients, and you want to take some load off your router
  • You are using something like modsecurity's real time RBL lookups and you want to reduce latency
  • Your ISP's nameservers are slow but you would still like to use them
  • You are a curious soul and you want to learn about DNS ;)

Scantool - OBDII Car Diagnostic Software for Linux

My car has been a real pain recently: it has a recurring error code that the garage can't seem to fix (apparently, it's a fault in the air conditioning, but the car doesn't even have air con!). Taking the car to the garage to get the code cleared means I lose the car for a day, which is getting annoying. So, I decided to buy myself a USB connecter for the car's On Board Diagnostics (OBD) and see if I could get it working with Linux (specifically Kubuntu, but I doubt it matters). I was pleased to find that there was some decent Free Software available for Linux called Scantool that enabled me to read and clear the codes on my car. Here's how to install and use the software, and some screenshots...

Dynamic DNS with ddclient on Raspberry Pi and Ubuntu

This tutorial will show you how to configure ddclient on Raspbian and Ubuntu. Many tutorials don't explain what to do if your server is behind a router, but this one will. I recently set up a backup server on an internet connection that has a dynamic IP address. So far, I've been spoiled at home because my ISP (PlusNet) makes switching to a static IP address easy and cheap, so obviously I did that. This time though, I didn't have that option, and I didn't want to configure a dynamic dns client on that router either, so I had to set it up on the server itself.

Site now SSL by default

encrypt-all-the-things.png Google recently announced that it is going to start prioritising websites that offer HTTPS by default in its search engine results. At first, the positive effect will be small to give webmasters time to switch to HTTPS, but it will gradually become more of a significant signal. This is a good thing for the internet: SSL doesn't cost much for webhosts, and it makes it more difficult to spy on everyone all the time! The Electronic Frontier Foundation praised the decision calling it a "bold and welcome move to protect users". I wanted to start offering some of the services I run on my server to other friends and family, and I couldn't easily install the CAcert root on all of their devices, so this seemed like a good time to purchase a cert. The following describes how I configured the various services (Apache, Postfix, Dovecot) to use the new certificate from COMODO.

SSL Certificate Signing with CAcert for Raspberry Pi, Ubuntu & Debian

CAcert logo If you run your own website, email server or other services like OwnCloud at home then you may find yourself in need of a SSL certificate. When you install Apache, it generates a self-signed "snakeoil" certificate that can be used to encrypt your session. However, while this certificate is useful for testing purposes, it falls short in a couple of important ways:

  1. The snakeoil certificate has not been signed by an authority that your browser trusts, so your browser will throw an error when you connect.
  2. The common name on the certificate probably doesn't match your domain name. Another browser error.
  3. Short of manually inspecting the certificate's checksum, you have no guarantee that you are communicating with your own server - it could easily be an imposter using another self-signed certificate.

This tutorial will show you how to generate your own SSL certificate, and get it signed by the community driven SSL certificate signing authority CAcert. Once you have imported the certificate into your browser or into your operating system's root filesystem, your computer will automatically verify the identity of the server and you will enjoy error-free secure communications. Oh, and CAcert is free of charge!

Install OwnCloud on your Raspberry Pi

Owncloud Logo OwnCloud is a free (libre), open source equivalent to DropBox. As well as the program you install on your server, it has free desktop sync clients for Linux, Windows and Mac, and apps for Android and iOS. I’m just going to cover the server side of things for your Pi in this tutorial, because the desktop client can be found in the Ubuntu repos, and the app is on the Play Store. If you want the Android app free of charge, then install it via F-Droid.

Download BBC TV Shows with get_iplayer

What is get_iplayer, and why would you want it?

Get_iplayer is a FOSS program that allows you to download TV and radio from BBC iPlayer. The original developer stopped maintaining it at one point, but since it was licensed using the GPLv3 a few others were able to take over, and it’s still actively maintained. Hooray for free software! GPLv3.png You may find it useful if you have a slow internet connection at home that causes iPlayer to stutter, or if you want to download a TV show and watch it later when you’re not connected to the internet (e.g. on a tablet during a long plane journey).

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer