Blog.rac.me.uk
Blog.rac.me.uk
✍️Write rieview ✍️Rezension schreiben 🏷️Get Badge! 🏷️Abzeichen holen! ⚙️Edit entry ⚙️Eintrag bearbeiten 📰News 📰Neuigkeiten
Tags:
Hi. Thanks for this article... I understand that, it is safe to replace the standard aspmx.l.google.com / alt1 etc records with the mx1.smtp.goog records, and that there will be no issues sending or receiving emails? It's been a little while since the last post on this article. No developments or changes since?
21.11.2024 14:30Comment on DNSSec signed Google Apps/G Suite Email by Leigh RogersI would imagine if any admin can login to the home SMETS2 device, they could potentially connect to your home network. Who could do this MI5/6 also foreign government techies or those who have a relationship with them also other hackers. I see no material on the Government Cyber unit covering this. There should be statements to describe what access is possible I. This regard. The Post Office didn't understand that 'others' could connect to the users of the end devices (the sub Post Office Masters). We know that UK gov can read our emails, any phone calls we make, web accesses, probably connect to our local routers and gain access to out home networks - but each of these rely on an individual connection. SMETS2 network will allow one connection to provide everything - automation - for everything.
2.8.2024 14:41Comment on Smart Meters (1/2): Why you shouldn’t get one by Security McafeeGreat advice! Thanks for sharing. What priority you applied to this? mx1.smtp.goog mx2.smtp.goog mx3.smtp.goog mx4.smtp.goog
4.1.2024 23:53Comment on DNSSec signed Google Apps/G Suite Email by VascoYes, you're right however this email server {mx*.smtp.goog} allowed by advertised MTA-STS policy. It means, this host supports MTA-STS, which means that it restricts which MX servers can be used and how they are configured. A host currently in the configuration is not allowed by the advertised MTA-STS policy. Finally, if you want to use secure mail service MTA-STS policy is important but not with your mentioned records.
19.12.2023 15:30Comment on DNSSec signed Google Apps/G Suite Email by Y. K.In an effort to prove to myself that I am actually trying to do work this month, I’m making a note of all the bugs in 3rd party software I find. Today is a bug reported the developers of the miniOrange Broken Link Checker | Finder WordPress Plugin on the 11th June 2022 through the WordPress plugin forum about database syntax issues being caused in the version 2.1 of that plugin. Initial Bug Report I’ve noticed on my error log on my WordPress 6.0 install with WooCommerce 6.5.1, PHP 7.4.29 and MariaDB 5.5.5-10.6.8 as the database – I’m getting a lot of SQL syntax checks from this version 2.1 of the miniOrange Broken Link Checker/Finder: WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's Cloth size chart','404', '0s'), ('d92860bc9a2845a22d68e0e7e6038274', 'https:/...' at line 1 for query INSERT INTO XXXX_moblc_link_details_table (`link_hash`, `link`,`page_title`, `status_code`,`loading_time`) VALUES ('81beabf2527fbd2ad963ce1a0357c91d', 'https://example.com/ wp-content/ plugins/woo-advanced-product-size-chart/ admin/images/default-chart/cloth_size_chart.png', 'Women's Cloth size chart', '404', '0s'), ('d92860bc9a2845a22d68e0e7e6038274', 'https://example.com/ wp-content/ plugins/ woo-advanced-product-size-chart/ admin/ images/default-chart/ mens-shoes-size-chart.png', 'Men's Shoes Size Chart','404','1s'), ('7e409ab4a7f0599289e10a694d02fe17',' https://example.com/ wp-content/ plugins/ woo-advanced-product-size-chart/ admin/ images/ default-chart/women-shoes-size-image.jpg','Women's Shoes Size Chart','404','0s') ON DUPLICATE KEY UPDATE `status_code`= VALUES(status_code); made by do_action_ref_array( 'moblc_scan_cron_hook' ), WP_Hook->do_action, WP_Hook->apply_filters, MOBLC_Cron->moblc_scan_cron_hook_exec, MOBLC_Cron->check_links_from_pages Any ideas of the fix? Initial reply Just over a week later, on the 20th of June at 11:01, I got a reply: Thank you for pointing out the issue. We have resolved this issue in our latest version of broken link finder/checker – 2.3 We have also introduced the following new features in the broken link finder plugin which will help you to maintain and improve the site’s SEO. 1. Improved Cloud scan for dead links, broken Images, broken videos, etc.2. Edit broken links/posts/pages and remove/fix broken links.3. Filter report according to response type of broken links. Please update your plugin to the latest version and let us know if you are facing that issue anymore. It looks like version 2.3 of Broken Link Checker | Finder resolve that issue (although, to be honest, I had already gone back to WPMU Dev’s Broken Link Checker), but there were more problems. Follow-up After testing, I replied at 21:20: I think that’s working – however, the following problems have occurred: * Unable to drop SQL Column [20-Jun-2022 20:51:42 UTC] WordPress database error Can't DROP COLUMNlink_hash; check that it exists for…
16.12.2023 16:49Bug Report [Fixed]: WordPress Plugin “miniOrange Broken Link Checker” syntax errorsIn reply to <a href="https://blog.rac.me.uk/2022/11/02/dnssec-signed-google-apps-g-suite-email/comment-page-1/#comment-281014">Richy B.</a>. Thanks for following up and for the background on your move. I'll go experiment with my email domains this weekend. Cheers!
26.11.2023 12:07Comment on DNSSec signed Google Apps/G Suite Email by John B.I recently had to help somebody with a Windows 10 based application which offered a “connection” facility (i.e. enter your computer’s IP address and port and the 3rd party system would connect to it), but the application failed to say which port(s) it had open. Whilst there are a number of ways to view open ports – such as Microsoft’s Sysinternal’s TCPView and NirSoft’s CurrPorts – I wanted to suggest a way which neither required an additional piece of software to be installed and didn’t require administrator access. Here are the steps to find out what ports application “AppName” has open:
25.11.2023 21:23Windows: What ports does application/program X have open?Hi John, Yes - I did configure these servers for my Google Apps provided email - and yours, according to https://www.hardenize.com/report/johndball.com/1700667786#domain_dnssec - do look good. However, https://internet.nl/mail/johndball.com/1077231/#control-panel-6 shows that the Google mail servers you are using (alt1.aspmx.l.google.com) are not DNSSec signed - only the mx[1-4].smtp.goog. ones are signed. Otherwise it looks good. I have had to actually temporarily remove DNSSec from my domains as, due to <a href="https://blog.rac.me.uk/2023/09/24/google-domains-closing-current-com-domain-name-prices/" rel="ugc">Google ditching Google Domains</a>, I've moved my domains over to WordPress.com who don't currently support it :(
25.11.2023 20:53Comment on DNSSec signed Google Apps/G Suite Email by Richy B.Hey, just found this article. I am a Google Apps for Business user and I have DNSSEC configured for my domain... but not my Google Apps email. Did you configure these servers for your Google email DNSSEC? In my example, look at Hardenize johndball-dot-com and I don't have DNSSEC for my email, but for my domain.
22.11.2023 15:49Comment on DNSSec signed Google Apps/G Suite Email by John B.If you have ever wondered what bit of plumbing a small metal capped pipe that sticks out of your house could be, then that is the end of your combi boiler’s PRV (Boiler Pressure Relief Valve): and if it has water dripping/leaking from it, it most likely means your boiler has been over pressurised (i.e. you’ve put too much water in it) or you may have a faulty expansion vessel in your boiler. Luckily for us, this isn’t our pressure relief valve pipe – but I did initially think it was (as it was on “our side” of an exterior wall). The pressure relief safety valve (PRV) is mandated by British Standard BS 6798:2014 for sealed central heating systems and is intended to stop any excessive pressure causing damage. The small pipe bit isn’t actually the valve itself, but is just the pipework which leads from the spring-loaded valve within the boiler. Leaks from it could also be caused by the valve not being able to close correctly due to dirt build up.
4.10.2023 13:37Boiler Pressure Relief Valve Pipe – aka what is that small metal pipe sticking out of my house leaking water?Mastodon prefers pages with JSON-LD Structured Data, but then will fall back to OpenGraph tags and then it will use HTML tags. It renders JSON-LD Images and OpenGraph preview images.
25.9.2023 18:35How Mastodon handles images and web previewsI’ve spent a while migrating all of our non-.uk domain names to Google Domains – only for Google to announce that as of September 7th 2023 they are stopping all new domain registrations and moving the public domain registrations over to Squarespace (Google domains managed 9 years before being killed by Google). We were paying £10/year for .com (and .net and .dev) domain name purchases/renewals with Google – but what are the “current market prices”? (I was starting to migrate domains over to WordPress (mainly for the free year of renewal), but finding out that they don’t support DNSSEC and that there isn’t an ETA for its implementation means I might have to look elsewhere.) Domain provider .com price (one year) Notes Thanks to Cloudflare £7.47 Price converted from $9.15 USD.Does support DNSEC.Domains must use Cloudflare’s authoritative DNS provider. WordPress £10.00 Currently offering free transfer+1 year renewal for domains currently with Google Domains.Does not support DNSSEC. ResellerClub £10.44 Price converted from $12.79.Available to resellers only. Amazon Route 53 £10.63 Price converted from $13.00 ClouDNS £10.93 Price converted from $13.39 USD.Does support DNSSEC. Dynadot £10.99 OpenSRS £11.23 Price converted from $13.75 USD.Available to resellers only. Namecheap £11.40 New customer pricing of £4.87. Neil Turner via Mastodon DNSimple £11.86 Price converted from $14.50 USD.Requires a free subscription.Does support DNSSEC. Shopify £12.28 Price converted from $15.00 USD.Might be limited to using Shopify’s platform. 20i £12.49 Does support DNSSEC.Reseller pricing £10.49 (reseller package costs £47.99/month) OpenProvider £12.76 Price converted from $15.58 USD.Members pricing £8.00 (membership costs $49.99/year) OVHCloud £12.95 First year registration: £10.19Does support DNSSEC Hetzner £13.55 Price converted from €15.60 EUR. Hover £14.73 Price converted from $17.99 USDFirst year registration £13.10. EasyDNS £15.51 Price converted from $19.00 USD. Squarespace £16.00 New provider for Google Domains customers.First year registration £9.60 Hostgator £16.37 Price converted from $19.99 USDFirst year registration £10.61. Joker £16.62 HeartInternet £16.78 Advertised prices exclude VAT.First year registration £11.98 Mythic Beasts £17.40 Advertised prices exclude VAT.Does support DNSSEC. Jonathan Matthews via Mastodon Bluehost £18.00 Price converted from $21.99.First year registration £10.91 Ionos £18.00 First year registration £1.20. Howard Cheng via Mastodon Domain.com £18.00 Price converted from $21.99. Network Solutions £20.48 Price converted from $25.I brought my first domain from them in 1998 – NS has been sold 4 times since! Easily £20.89 Advertised prices exclude VAT 123-Reg £20.38 Advertised prices exclude VAT.First year registration £5.99 GoDaddy £21.56 Advertised prices exclude VAT.First year…
24.9.2023 19:43Google Domains closing – current .com domain name pricesThis killed my AutoSSL, apparently this hack is too brutal.
8.7.2023 05:15Comment on cPanel: Disabling cPanel Store Promotions by Kostya SThanks, this was EXACTLY what I was looking for
24.11.2022 19:07Comment on ActivityPub for WordPress – How to fix ModSecurity to make it work by DanHaving problems with the AcitvivityPub For WordPress plugin? If your server is running mod_security, then the solution is to change the list of allowed content-types.
10.11.2022 14:56ActivityPub for WordPress – How to fix ModSecurity to make it workI’ve been using Google Apps, aka Google Workspace aka Google Suite (or just G Suite) for a while now and it’s annoyed me that I was getting “marked down” on e-mail security testers such as Internet.nl and the UK Government’s National Cyber Security Centre (NCSC) Check Your Email Security Service because Gmail for Business (G Suite) didn’t support DNSSEC (Domain Name System Security Extensions) signed MX hosts. However, I’ve managed to find Google’s DNS Sec settings which – combined with other setups on my main domains – mean I get 4 green ticks from the NCSC, 97% from Internet.nl (I’m let down by Google’s support of old TLS and Ciphers settings and no DANE TLSA records) and all green (apart from DANE) on Hardenize : so nice strong secure email! Google normally suggest you use the following MX (Mail Exchanger) records in your DNS settings if you use G Suite: Priority Mail Server (MX Entry) 1 ASPMX.L.GOOGLE.COM 5 ALT1.ASPMX.L.GOOGLE.COM 5 ALT2.ASPMX.L.GOOGLE.COM 10 ALT3.ASPMX.L.GOOGLE.COM 10 ALT4.ASPMX.L.GOOGLE.COM The normal suggest Google Suite Email Servers for Businesses (The records can actually be in any order and the priority can be anything – but Google do recommend that aspmx.l.google.com is set as the “highest priority” which is actually 1) However, after a bit of searching (using DuckDuckGo and not Google 😉 ), led me to a blog post by Nis Bornoe and Kura the following G Suite DNSSEC signed MX records: Google’s DNSSEC Signed Mail Servers (MX Entry) mx1.smtp.goog mx2.smtp.goog mx3.smtp.goog mx4.smtp.goog Google’s “hidden” DNS SEC Signed MX Records These domains are hosted on Google owned Charleston Road Registry (CRR)’s .goog top level domain (not to be confused with their .google and .gle brand top-level domains: or the 98 other ones they applied for) and .goog domains can “only be registered to Google Inc and its affiliates” so you’ve got some confidence they are legitimate. However, whilst myself and Nis and Kura do not seem to have had any problems using these IPv4 and IPv6 supported DNSSEC signed nameservers (and according to DNSlytics and WhoisXMLAPI there are over 930 domains currently using them), they are not officially supported or documented (from what we can find) and have been running since at least 2019 – so they should be reasonably safe to use. The only “catch” may may be that, for some reason, they do NOT have a reverse DNS (Pointer aka PTR) record setup…
2.11.2022 13:05DNSSec signed Google Apps/G Suite EmailHow to view and remove a rate limited IP address from the Exim mail server.
28.10.2022 17:22Techy: Removing an rate limit block from EximI'm just working in some Python code, and quite a lot of it has the "shebang" line for the Python interpreter set as an absolute path (such as /usr/bin/python) which won't work for me as I need the scripts to use whichever version of Python I have configured in my "environment": and the ideal way to do this is to call is using /usr/bin/env python - so how do I change these...
31.8.2022 23:43Techy: Changing Python Shebang path from absolute to envA few people have got a bit annoyed at the promotions/advertisements within their WHM webhosting control panel as developed by cPanel Inc (specifically, I saw the feature request “give server admins a way to turn off spam ads“). Whilst cPanel partners (i.e. whoever your brought your cPanel licence from – usually your datacenter or web hosting provider) have the ability to toggle these cPanel Store Purchases from their cPanel Inc “manage2” interface, there is a way of disabling it yourself by “abusing” the internal testing code built into cPanel (specifically /usr/local/cpanel/Cpanel/Config/Sources.pm which is called by /usr/local/cpanel/Cpanel/Whostmgr/Store.pm which, in turn, is called by /usr/local/cpanel/Whostmgr/Store/Product/ImunifyAVPlus.pm ): 1. Create a file (as root) called /etc/cpsources.conf 2. In that file add the following line: STORE_SERVER_URL=https://invalid.example.com/ (or any non-resolvable URL you like) WHM/cPanel will then be unable to fetch the list of available products and will fall back to not promoting them.
23.8.2022 10:14cPanel: Disabling cPanel Store PromotionsIn reply to <a href="https://blog.rac.me.uk/2016/05/04/techy-getting-curl-to-work-with-lets-encrypt-unable-to-get-local-issuer-certificate-error/comment-page-1/#comment-256101">.Tom</a>. Hi Tom, Sorry for the nearly 2 year wait to approve your comment - I've been away from blogging for that long. Basically, our scenario was that we needed to be able to access sites which did not have the certificates setup correctly. Yes, you are correct that they are the intermediate certificates and not actually the "root root" ones, but they are/were the "root ones for Let's Encrypt": which, when you had a "spun up for this site only" VM-based web service which just wanted to access one site without actually caring about security (but needing to be able to pull the certificate, inspect them and inspect the site contents), it worked for our needs.
14.7.2022 18:16Comment on [Techy] Getting cURL to work with Let’s Encrypt: unable to get local issuer certificate error by Richy B.