Recently in Announcements Category

imap server updated

..for security reasons.  

Holler if anything is still amiss.

More SSH scanning countermeasures


This is for users who ssh to gigo.com.

Last year, I enabled countermeasures to help keep the SSH hack attempts against gigo.com down to a minimum. We automatically block the IP address of systems trying to log in to gigo.com and repeatedly failing.

The problems are getting worse; as such I'm making these changes:


  • Attempts to log in as a valid ID: unchanged; 10 attempts and you're banned 15 minutes
  • Unknown accounts and daemon accounts: immediately blocked for 150 minutes

If you log in from another account with a different account name, make sure that you always remember to specify your gigo.com account name (correctly!) or the machine you are connecting from will be blocked for everything but the web server, for 150 minutes. If this regularly affects you, I *can* whitelist specific IP addresses to be immune to this behavior.
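
The ban policy described in this post, replayed over sshd log lines as an added example (not the tooling used on gigo.com, which the post does not name). The account sets, the 10-minute counting window, the ISO-timestamp log format and all sample addresses are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Thresholds are the ones stated in the post; everything else is assumed.
MAX_FAILS = 10                        # failures against a valid ID before a ban
SHORT_BAN = timedelta(minutes=15)     # ban for repeated failures on a valid ID
LONG_BAN = timedelta(minutes=150)     # ban for unknown or daemon account names
WINDOW = timedelta(minutes=10)        # assumed counting window (not in the post)
VALID_USERS = {"alice", "bob"}        # constructed sample of real login accounts
DAEMON_USERS = {"root", "daemon", "bin", "www", "nobody"}  # constructed sample

# The user group is greedy and the pattern is end-anchored, so a login name
# containing " from <ip> port <n>" cannot make the parser ban a different host.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed \S+ for (?:invalid user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+(?: ssh2)?$")

def evaluate(lines, whitelist=frozenset()):
    """Replay sshd log lines in order; return {ip: (ban_expiry, reason)}."""
    recent, bans = {}, {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user = datetime.fromisoformat(m["ts"]), m["ip"], m["user"]
        if ip in whitelist or (ip in bans and bans[ip][0] > ts):
            continue                  # immune, or still serving a ban
        if user not in VALID_USERS or user in DAEMON_USERS:
            bans[ip] = (ts + LONG_BAN, "unknown-or-daemon")
            continue
        recent[ip] = hits = [t for t in recent.get(ip, []) if ts - t < WINDOW] + [ts]
        if len(hits) >= MAX_FAILS:
            bans[ip] = (ts + SHORT_BAN, "repeated-failures")
            recent[ip] = []
    return bans

def sample_log():
    """Constructed log: ISO timestamps, documentation-range addresses."""
    base = datetime(2009, 1, 5, 9, 0, 0)
    log = [f"{(base + timedelta(seconds=20 * i)).isoformat()} gigo sshd[411]: "
           f"Failed password for alice from 198.51.100.7 port 4000 ssh2"
           for i in range(10)]
    log.append("2009-01-05T09:05:00 gigo sshd[412]: Failed password for "
               "invalid user oracle from 203.0.113.9 port 4001 ssh2")
    log.append("2009-01-05T09:06:00 gigo sshd[413]: Failed password for invalid "
               "user x from 192.0.2.1 port 9 from 203.0.113.50 port 4002 ssh2")
    log.append("2009-01-05T09:07:00 gigo sshd[414]: Failed password for "
               "alice from 192.0.2.77 port 4003 ssh2")
    return log
```

The third sample entry carries a login name with an embedded `from ... port ...` string; the ban lands on the real connecting address, not the one inside the name.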

Mail changes - planned

[Updated Sunday 2:00p]  -  Changes are now in effect.

Condensed version:

Attachments are allowed now (most are, at least).  Incoming viruses or otherwise "dangerous" files will be made a bit safer (the message is turned into an attachment; and the message you see, will say [VIRUS ATTACHED] in the subject line). 

Attachments (in and out) are scanned for viruses using an open-source virus checker.  This is not a good substitute for you running your own protection.  We could (collectively) pay for a commercial virus checker.  A better use for your money is to make sure your workstation is running antivirus of its own.

Spam filtering has changed a bit; please make sure you are filtering on "X-Spam-Flag: YES".  If you can only filter by subject, then look for SPAM in the subject line.   A limited amount of customization is still available at https://mail.gigo.com/ - primarily affecting whitelists, blacklists, and a minimum score to consider a message as SPAM.

Finally, @gigo.com mail is being signed with DKIM.  Some providers will give us a positive nudge when they do their own spam checking when the mail is properly signed.  I can do this for other domains as well - let me know if you want this.

I'm reachable as jfesler@gigo.com or (if you have problems with that for any reason) postmaster@gigo.com.





Mail server changes

As of this morning I've enabled some of the blacklists from SpamHaus.  Anyone who has their mail rejected mailing our system will be given a url in the bounce message; as well as postmaster@gigo.com's email address for exceptions.  Note that postmaster is never filtered here - even if we generally block their mail when they mail me as postmaster, it'll still come through.

I'm watching the logs and looking at the rejects looking for signs of false positives.

This change in behavior is to cut down the resources it takes to fight spam - the greylisting was the primary barrier previously, but that is becoming costly.  If you want me to turn off antispam measures at the mail server level to your address or domain, let me know.

gallery 2.2.6 update

Those of you running gallery on my server - I've updated all of them for a security update.

gigo.com kernel .. and .. os .. upgraded.

For those of us running IPv6 on FreeBSD, there's a new security bulletin out.  Gist of it is, rebuild your kernel.

I figured, kernel alone was plenty, since we're going from 7.0-STABLE to 7.0-STABLE - usually those deltas are _very_ trivially minor.  Alas, that wasn't the case - the ramdisk utilities that gigo.com depends on didn't like the new kernel, and the box didn't work after reboot.  I ended up having to drive to the colo in Fremont (120 miles, rush hour), and rebuild the OS.

In any case.. we're back up now.

ns2.gigo.com, vend.gigo.com moved

The following services have moved to a new machine, at a new location:

  ns2.gigo.com
  vend.gigo.com
  irc.gigo.com (1 of 2 redundant pieces of irc.gigo.com, anyways)

Please holler if anything seems "wrong"; however, these are boxes that most people don't log into.

ipv6

I'm enabling ipv6 for all dns addresses now.  Let me know if I broke something.
1-877-4FESLER if it's urgent.

This blog will have a green header if you're visiting from ipv4, and a blue header from ipv6.


ipv6; bind


I've made some changes on the system; more are coming. Specifically so far:


  • goat.gigo.com is now accessible on ipv6.

  • irc.gigo.com is now accessible on ipv6.

  • mail primary MX is on ipv6; secondaries will be soon.

  • I changed from djbdns to bind. Lemme know if you see anything funky. If you edit zones here on gigo.com, I'll only install them if it passes a basic "will it load" test (using named-checkzone).

  • ns3 and ns4.gigo.com are deprecated; they are currently aliased to ns1.gigo.com

  • I'm not publishing IPv6 NS records - waiting for word on whether I can get "glue" records published to .com for that.

Do I host your DNS?


I'm in the process of simplifying my DNS setup. I'm reducing the number of DNS servers I maintain down to two. Most of the domains are hosted by me for web/email as well - and if the host is down, the DNS isn't gonna matter quite so much. If *.gigo.com servers are hosting your dns domain, please update your domains to point at these two name servers:

  • ns1.gigo.com (Located in Fremont, CA using HE.NET)
  • ns2.gigo.com (Located in Sacramento, CA using CWO.COM)

I will still keep ns3 and ns4 around, but they won't be unique from the first two.