I’ve been a long-time user of K-9 mail on Android, but the combination of the dreaded doze (“syncing disabled”) bug and various bits of clunky UI persuaded me it was time to move on. AquaMail, on first impressions, is rather nice. It lets me set the Archive folder, and can Archive things in a couple of taps. It also has a better approach to folder management, not showing the entire list in most places, but rather the folders you’ve actually used. Well worth a few quid for the pro version.
I don’t know exactly who my church has outsourced @urc.org.uk e-mail to, but whoever it is clearly hasn’t read RFC822 (“SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet.”)…
Rather difficult to complain about the original broken address I found…
Update: They did get back to me via Facebook eventually. Still not had an answer on why postmaster@ doesn’t work, though.
Somebody should have thought of this, and it turns out that somebody did.
A couple of years ago, I wrote about setting up a network boot server on my home LAN. I said this meant “taking the job of doing DHCP away from the router and doing it myself on a Linux box”.
Reader, I was wrong.
Setting up my new connection from BT today, I really didn’t want to keep running DHCP separately on a Raspberry Pi. What I wanted was for the Pi to just talk to clients which wanted to do network boot, and leave the BT router to do DHCP for ordinary devices.
This exists, and it’s called proxy DHCP. dnsmasq on the Pi can handle it; this tutorial is the one I got working. Sadly proxy DHCP doesn’t seem to honour options, so I had to take the path prefix (option 210) and manually prepend it to all the paths in my boot config.
This is all back up and working now, and hopefully should prove useful and less disruptive for a few years yet to come.
Now that i have native IPv6 and DHCP is back on the router, the Pi ceases to be a single point of failure, though it’s been rock solid for nearly three years now.
It works – 10/10 on test-ipv6.com; can’t really say fairer than that. I did however enjoy the comedy reverse DNS:
$ curl http://files.dnorth.net/ipquick.php (05/04 19:19) 2a00:23c4:e81:3100:fdbc:e60a:226e:9903 broadband.bt.com
Oddly enough, broadband.bt.com doesn’t resolve forwards to every IPv6 address on their network, so why bother claiming the reverse?
Because why not.
I have an IPv6 only virtual machine hosted at Mythic Beasts. Sadly, I don’t have much time to play with it these days, so I’m retiring it next month. Meanwhile, I’ve got something working which I thought ought to be possible but failed at the last time I tried…
I participate in the minority sport of hosting my own e-mail. That means I run an IMAP server which mail clients can view and search messages using. For myself, I have native IPv6 on my home internet connection, but when I’m out and about, my mobile phone is still IPv4 only, and most of my relatives who I host mail for are v4 only too. Mythic and others have blogged at length on hosting websites behind their IPv4-to-IPv6 reverse proxy, but can it handle IMAP?
$ nc -vv proxy.mythic-beasts.com 993 (01/04 17:06) DNS fwd/rev mismatch: proxy.mythic-beasts.com != rproxy46-hex-a.mythic-beasts.com DNS fwd/rev mismatch: proxy.mythic-beasts.com != rproxy46-sov-a.mythic-beasts.com proxy.mythic-beasts.com [188.8.131.52] 993 (imaps) open
The fact that they’ve got it listening on the standard port for IMAP over SSL is encouraging. Let’s give it a go…
In addition to your IPv6 only VM, you’ll need a domain and you’ll need to point some DNS. The examples below assume you’ve CNAMEd imap6.example.com to proxy.mythic-beasts.com.
Part 1: Install and configure Dovecot
Couldn’t be easier if we’re using Debian:
# apt-get install dovecot-imapd
Configuring Dovecot to properly store mail is beyond the scope of this article, so we’ll just do some minimal setup.
Part 2: SSL
It’s 2017, and SSL certificates are free. So let’s get some.
# apt-get install dehydrated apache2 dehydrated-apache2
The Apache server is only necessary because I’m taking the path of least resistance to getting SSL certificates from letsencrypt, which involves them verifying control over the domains using HTTP based challenges. You could set up Mythic’s DNS API to eliminate the need for this.
Once you’ve done this, edit /etc/dehydrated/domains.txt to include your domain (e.g. imap6.example.com) and add /etc/dehydrated/conf.d/config.sh containing CONTACT_EMAIL=”firstname.lastname@example.org”.
Having done this, you can run “dehydrated -c”. I’d recommend not running it as root, which means fixing the directory permissions when it falls over the first time. All that sorted, we should now have a directory /var/lib/dehydrated/certs/imap6.example.com/. That means we can go ahead and edit /etc/dovecot/conf.d/11-ssl.conf to read:
ssl = required ssl_cert = </var/lib/dehydrated/certs/imap6.example.com/fullchain.pem ssl_key = </var/lib/dehydrated/certs/imap6.example.com/privkey.pem
While you’re there, you should set port=0 on the non-SSL IMAP listener in 10-master.conf, to stop it listening on non-SSL ports.
All that sorted, we can restart Dovecot:
# service dovecot restart
And now we can jump over to a client machine and try it out:
$ ncat --ssl -v imap6.example.com 993 Ncat: Version 6.47 ( http://nmap.org/ncat ) Ncat: SSL connection to 2a00:1098:0:82:1000:3b:1:1:993. Ncat: SHA-1 fingerprint: 2FB3 9166 A7B7 6552 6215 963C 43D0 824E A02F 9FB3 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
Assuming all is well, you’ll see the OK response from Dovecot, and when you hit Ctrl-C, you’ll get a line logged in /var/log/syslog on the server complaining about how your client hung up.
At this point, you should be able to try it with a real mail client, e.g. Thunderbird. And you’ll notice that everything in the garden is lovely, except that the logs show all connections coming from Mythic’s proxy, rather than their true source IPs.
Part 3: Proper IP addresses in the logs
# apt-get install -t jessie-backports dovecot-imapd
Now we need to turn on PROXY support for imap6.example.com using the Mythic control panel. Having done that, I was very impressed with Dovecot – the logging in /var/log/syslog walked me through fixing each mistake I made, starting with needing to configure Dovecot for PROXY:
Edit /etc/dovecot/conf.d/10-master.conf and add haproxy = yes to the imaps listener. The defaults are sensibly secure: to avoid clients spoofing IP addresses, you must provide a whitelist of clients allowed to speak to listeners with haproxy support turned on. That means setting haproxy_trusted_networks in the same file. You can find the necessary IPv6 addresses to space-separate on this page.
Having done that and restarted Dovecot, I moved my laptop over to my guest wifi network (where there is no IPv6), and restarted Thunderbird…
$ grep dovecot /var/log/syslog Apr 1 17:17:55 test-box dovecot: imap-login: Login: user=<david>, method=PLAIN, rip=192.0.2.1, lip=184.108.40.206, mpid=1234, TLS, session=<...>
Result! The IP quoted as “rip” (remote IP) is the IPv4 one I’m running Thunderbird on. Interestingly, Dovecot has chosen to log the IPv4 of Mythic’s proxy as the local IP (lip).
I was surprised to find my less-than-a-year-old HP Microserver Gen8 taking over half an hour to come back from each reboot. Closer inspection showed the system clock jumping back to 2016 every time it restarted, which forces an fsck when Linux realises its disks have been modified “in the future”. Checking >1TB of disk takes a long time.
It’s been a while since I had to replace a CMOS battery, but it fixed the problem:
It doesn’t apply to everyone who works in the IT industry, but as most of us get older, we lose our tolerance for things which don’t Just Work, at least in our home lives. When you’ve spent all day working with new and sharp-edged technology, you really want to come home and have your appliances act like appliances, not like computers which misbehave and need debugging. Having said that, a related phenomenon I’ve experienced over the past year is that when you are promoted far enough to stop doing coding for a living, you may have a resurgence of interest in hacking around with stuff in your spare time…
This has got very slick. These days, if you buy a new Pi with one of their SD cards, it boots to a nice menu asking which operating system you’d like to install – including Microsoft’s IoT offering, which looks interesting. I haven’t tried it yet, though, as my first Pi 3 is destined for media centre duties, making OSMC the OS of choice.
So I’m off to spend the weekend with friends in London, as you do.
There are a few things I really want to get done on the train, involving my laptop. Odds of getting a seat with a plug socket and enough space to work, on a Friday night peak time GWR train from Oxford to London Paddington? Approaching zero unless I pay double for first class.
But wait, capitalism to the rescue! Almost uniquely in the country, Oxford station now has multiple competing routes into London, courtesy of Chiltern going via Oxford Parkway and into London Marylebone. And unlike GWR, it’s on time, and I have not just a table, socket and reasonably roomy seat, but three other unoccupied seats around me.
GWR, I’m never taking your route to London again.
(The WiFi is crocked, though … couldn’t all be perfect, now could it.)
Getting data abroad on EE pay as you go has always been a miserable experience, assuming you’re too disorganised to sort it out in advance. You land somewhere foreign, you just need a few MB to get Google Maps up and find your hotel, and if their captive portal even manages to load, it’s sorely lacking in a button which says “shut up and take my money”. They also apply rather mean time limits – yes, you can have 75MB of data, but it only lasts 24 hours. WTF? I wanted that much for the whole trip.
For longer trips abroad, none of this matters as you can simply buy a local SIM at the airport. This is especially easy for me with my OnePlus Two, as it has twin SIM slots so you don’t miss out on the odd text or urgent call from home.
However, for just four full days on the ground in Seville – much of it spent in an underground hotel conference centre with excellent WiFi – what to do?
Google Maps is really good these days at downloading the surrounding area while you’re on WiFi, which almost solves the problem, but not quite.
However, I remembered that I have an AAISP SIM in my second slot. In addition to its clever SIP pass through, it can also do data roaming. The prices are high – 10p/MB – but it’s pay as you go, billed in arrears by direct debit, and you can set hard limits at their end as well as on the phone itself.
This worked out really nicely, and I used 28.98MB over the four days. Which means I saved 11p vs paying EE their £3, and probably a lot more because I would have needed data over more than a 24 hour period. Well done AAISP.
Memo to self: must ditch EE for someone less annoying.