Great guide from @solene on setting up an #OpenBSD mailserver: https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html - would be great to see something about running this with mailman 3, postorious and hyperkitty in the future (but not expecting it)

Full-featured email server running OpenBSD

https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html

gemini://perso.pw/blog/articles/openbsd-email-server-setup.gmi
#nocloud #selfhosting #openbsd #security

@solene

Since I'm not working on the #OpenBSD laptop, I can use it for music and video playback. I remember from the past that video could be a little janky in OpenBSD, but that is no longer the case.

I'm getting great video, no stuttering. Great audio as well.

I have been experiencing some stuttery video in the Threads website in Fedora 40, but that doesn't happen at all in OpenBSD 7.5. It's the exact same hardware (I boot Fedora from an NVMe SSD and OpenBSD from a SATA SSD). Maybe it has something to do with Wayland in Fedora vs. Xenocara in OpenBSD.

This OpenBSD system, using #Firefox, is great for YouTube. Again, this OS hasn't had a previous "reputation" for smooth video playback, but I have been very pleasantly surprised.

I tried the Pandora music service in Firefox, and that plays very well.

Spotify will NOT let you use its service via browser on OpenBSD (maybe you can "trick" it, but I haven't tried), and of course there is no official app on OpenBSD. However, I've been using the great #ncspot — an ncurses app written in Rust (https://github.com/hrkfdn/ncspot) — in the terminal for Spotify playback, and it has been working really well. I had to specifically set my terminal in Xfce to allow for Unicode so everything looks better, but the audio (and UI) is pretty great.

ncspot is available as a package in OpenBSD, making it easy to install. I like it in Linux as well, where I tend to add it as a Flatpak.

For over a week I haven't been able to set up OpenBSD's relayd to work the way I want it to. Would someone be so kind to help or refer me to someone who can help.

Summary: I have one VPS with IPv4 and IPv6 running OpenBSD 7.5. I want to provide multiple TLS-capable services that relayd should dispatch based on the hostname of the HTTP request. In that case I want to redirect the request to some other port. It would be nice if the default could just fall back to httpd on port 80/443, but manually listing these is also acceptable. The non-httpd services don't do encryption, so it would be nice if relayd could take care of that.

From what I understand this is a pretty standard setup with nginx, but unusually tricky with httpd/relayd.

If it makes it easier, I could set up a virtual machine on the server, but I'd like to avoid the overhead.

Thanks!

#emacs #openbsd #help

Just booked my round-trip flights for EuroBSDCon in Dublin! With this step completed, I’d say everything is set, and I’m looking forward to attending this amazing event for the first time.

Taking this opportunity for #ThankYouTuesday to express my gratitude to the organizers ( @EuroBSDCon ) for their kindness and availability throughout the process.

I truly appreciate it!

#EuroBSDCon #Dublin #RunBSD #FreeBSD #NetBSD #OpenBSD #DragonFlyBSD #EuroBSDCon2024

#openbsd #netbsd #freebsd #linux #havefun
....drink more water

What a beautiful treasure trove
thx4 https://www.tumfatig.net/

I just remember that I already wrote down how to link #OpenSSH Agent with #KeePassXC on #OpenBSD in 2022. And it still work on my new 7.5 instance.

https://www.tumfatig.net/2022/using-keepassxc-with-ssh-agent-on-openbsd/

TIL about vacation(1) on #OpenBSD

http://man.openbsd.org/vacation

Learned about it via a patch on tech@ https://marc.info/?l=openbsd-tech&m=172166999404303&w=2

This world needs less #BSOD and more #BSD - a single letter can make a difference!

#RunBSD #FreeBSD #OpenBSD #NetBSD #DragonFlyBSD

@stefano

#CyberSecurity #SSH #VPN #ITSecurity #SysAdmin #TechSupport #OpenBSD #Debian

Oh dear! How stupid people can be!

Email received a few days ago: "We need to know which version of SSH is installed on the server, as we want to ensure it is not vulnerable to external attacks." My response: "Don’t worry, SSH is accessible ONLY via VPN, and I am the only one with access to that VPN—activated only when needed—so there is no way for there to be any issues, regardless of the version used."

Email received this morning: "We’re not interested; you must provide the SSH version installed and, if it's not the latest, ensure us of the update date."
My response: "Sorry, could you explain the rationale? SSH is not exposed, it’s not listening on any public IP."
Their reply: "Provide the version."
My response: "OpenSSH_9.7, LibreSSL 3.9.0, on OpenBSD."
Their reply: "This is not considered secure. It must be OpenSSH_9.2p1 Debian-2+deb12u3."
My response: "It’s not Debian; it’s OpenBSD."
Their reply: "So the systems are insecure."

And they claim to be a cybersecurity company...

#CyberSecurity #SSH #VPN #ITSecurity #SysAdmin #TechSupport #OpenBSD #Debian

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟰/𝟬𝟳/𝟮𝟮 (Valuable News - 2024/07/22) available.

https://vermaden.wordpress.com/2024/07/22/valuable-news-2024-07-22/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

My OpenBSD web server runs since three weeks and does not use much of the available resources 😃 I also like that it has an integrated web server that supports all the things I need (HTTPS redirects, TLS and compression) AND only consist of one config file for the website configuration

It is an awesome choice for people who look for a minimal, lightweight and secure operating system for servers

#openbsd

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟰/𝟬𝟳/𝟮𝟮 (Valuable News - 2024/07/22) available.

https://vermaden.wordpress.com/2024/07/22/valuable-news-2024-07-22/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Is there a #BSD or #Unix user group in #Bordeaux?
#runbsd #openbsd #netbsd #freebsd #bug #gironde

I'm protected from #Crowdstrike because I run #OpenBSD !! #FreeSoftware #FOSS

Asked by every you two people, my notes for dealing with video and audio editing using #KDEnlive, #Audacity and #ffmpeg :)

https://www.tumfatig.net/2024/video-edition-notes-on-openbsd/

#RunBSD #OpenBSD

#FreeBSD #NetBSD #OpenBSD @BoxyBSD@bsd.cafe

Ohh! #OpenBSD 's httpd directory auto index looks nice !

Someone zinged it up while I wasn't paying attention :)

I might steal it's css.

#FreeBSD #NetBSD #OpenBSD #NomadBSD #GhostBSD #BSDCafe #RunBSD #BSDNetwork #BSDCommunity #meeting #usergroup #BoxyBSD

Looks like #OpenBSD 7.6 will have VAAPI support for intel / amd hardware accelerated video encoding / decoding

thanks @sizeofvoid

How to install #OpenBSD and set up an #Xfce graphical desktop for newcomers.

https://www.tumfatig.net/2024/openbsd-workstation-for-the-people/

If you like it better, there's a #Peertube video available here:
https://eggflix.foolbazar.eu/w/23tFBUygWvTDxdCKGrUDrP

#RunBSD

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟰/𝟬𝟳/𝟭𝟱 (Valuable News - 2024/07/15) available.

https://vermaden.wordpress.com/2024/07/15/valuable-news-2024-07-15/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

@h3artbl33d Hey 👋 there, I was curious what does #openbsd use for desktop (.initrc or . xsession)?

/me learned to extract audio from generated video, remove ambiant noise, normalize sound and insert the corrected audio track back into the video.

A journey with #KDEnlive #Audacity and #ffmpeg ; on #OpenBSD obviously.

**BSD Mail Project Update!**

Hello everyone! I wanted to share some exciting updates about the development of BSD Mail, our privacy-focused email service designed with robustness, security, and transparency in mind. Here’s a deep dive into the technical choices I've made, focusing on my use of open source solutions and open protocols:

🌍 **Servers & Location**

- We're running on two physical servers:
- One hosted by OVH in France
- Another by Hetzner in Germany
- Both servers operate on FreeBSD with NVMe drives in a ZFS mirror configuration for speed and data integrity.

🔒 **Virtualization & Security**

- We utilize jails on both servers to ensure isolated environments for different services, managed via BastilleBSD. On one server, jails are set up directly on the hardware, whereas the other server employs nested jails.
- Each server hosts a bhyve VM running OpenBSD with OpenSMTPD for handling SMTP duties securely.

🔗 **Networking**

- A Wireguard setup connects the two servers, facilitating routing capabilities so that jails and VMs can communicate seamlessly, supporting both IPv4 and IPv6.

📧 **Email Services**

- **Dovecot** is configured for maildir replication across the servers using Dovecot sync, ensuring email availability and redundancy.
- **Rspamd** instances are tied to local KeyDB jails, set up in master-master replication for consistent and reliable spam detection and greylisting.
- **ClamAV** runs in corresponding jails for virus scanning, maintaining a high level of security.
- **SOGo** provides a web interface for email management, connected to MySQL databases in master-master replication to handle sessions and authentication smoothly.

💾 **Data Management**

- Email data is stored on separate, encrypted ZFS datasets to secure emails at rest.
- MySQL databases are used for storing credentials and managing sessions for SOGo, also in a master-master replication setup. Importantly, all passwords are securely hashed using bcrypt, ensuring they are salted and safe.

🔎 **Monitoring & Reliability**

- Our DNS is managed through BunnyNet, which continuously monitors our server status. Should one server—or a specific service—become unavailable, DNS configurations are dynamically adjusted to avoid directing users to the affected IP until full service is restored.

🌐 **Commitment to Open Source and Open Protocols**

- Every component of BSD Mail is built exclusively using open source software and open protocols. This commitment is crucial for ensuring data freedom and the reliability of the solutions we use.

This setup not only emphasizes our commitment to privacy and security but also our dedication to maintaining an open and transparent platform.
We're excited to bring you a service where your privacy, data integrity, and freedom are prioritized. Stay tuned for more updates!

#BSDMail #OpenSource #Privacy #FreeBSD #OpenBSD #EmailHosting #Email

It's official: the new email hosting service I'll be launching will run on OpenBSD as well. The two OpenSMTPD SMTP servers will operate on two OpenBSD installations.

#EmailHosting #Email #OpenBSD #OpenSMTPD

Our first weekly will start on the 25th, April 2024 at 7 PM (GMT+2).

You can find all the details on the #BSDCafe wiki:
https://wiki.bsd.cafe/docs:weekly-bsdpub

For the first one, I already created a small agenda (https://wiki.bsd.cafe/docs:weekly-bsdpub-meeting-minutes-2024-04-25). You are highly encouraged to modify and extend this, as well as upcoming agendas!

Overview:
Day: Thursdays (weekly)
Time: 7 PM - 8 PM (GMT +2)
Where: https://meet.gyptazy.ch/BSDPub (Jitsi)
Infos: https://wiki.bsd.cafe/docs:weekly-bsdpub
Agenda: https://wiki.bsd.cafe/docs:weekly-bsdpub-meeting-minutes-2024-04-25
Info: No recordings, no deep tech dives (keep it simple, we have calls for the details, no pressures to anyone, have fun and enjoy)

When I started the poll to ask for interests in such a meeting I wasn’t sure that even more than 5 people would be interested. I’m happy to see this amount of interested BSD users. I’m aware of the different timezones and it might make sense to have a second timeslot. This one mostly covers the European and near-east users. I’m happy to hear suggestions regarding preferred timeslots for the US, Asia,… so far, I’m happy to see at least a few of you next Thursday in the call!

#FreeBSD #OpenBSD #NetBSD #helloSystem #BSDCafe #BSDNetwork #OpenSource #Solaris #illumos #openindiana #community #meeting #havefun #fun #BSDPub

Hey #BSD Fans!

We all share the same interests - #BSD based systems like #FreeBSD, #OpenBSD and #NetBSD.

We chat all day, sharing thoughts, questions and help. We talk on Matrix across different channels, we share on the #Fediverse. We have @vermaden@bsd.cafe's newsletter, we have @dexter@bsd.network's #FreeBSD #Jails and #bhyve calls and many other ones I can't list here.

Wondering if there would be and interests in the #BSDNetwork, #BSDCafe, etc., for a weekly smalltalk session like in a pub. Just a Jitsi based video/audio call where we can meet, discuss things from newsletter, trending things from the #Fediverse or just have off-topic and openminded discussions. This could result into the #BSDPub meeting.

I know, some people are shy - keep your cam off until you feel comfortable and feel free to join the discussions. Even this meetings should make fun and no pressure - so if someone is not in the mood or can't make it - no worries. No one will judge.

Would you be interested?

#helloSystem #DragonFlyBSD #HardenedBSD #GhostBSD #pfSense #illumos #tribblix #solaris #opensolaris #zfs #community #social

Sharing some technical details about how I'm setting up the hosted email service. It will not be a service of BSD Cafe but tied to my own business. It will run entirely on BSD systems and on bare metal, NOT on "cloud" VPS. It will use FreeBSD jails or OpenBSD or NetBSD VMs (but on bhyve, on a leased server - I do not want user data to be stored on disks managed by others). The services (opensmtpd and rspamd, dovecot, redis, mysql, etc.) will run on separate jails/VMs, so compromising one service will NOT put the others at risk. Emails will be stored on encrypted ZFS datasets - so all emails are encrypted at rest - and only dovecot will have access to the mail datasets. I'm also considering the possibility of encrypting individual emails with the user's login password - but I still have to thoroughly test this. The setup will be fully redundant (double mx for SMTP, a domain for external IMAP access that will be managed through smart DNS - which will distribute the connections on the DNS side and, in case of a server down, will stop resolving its IP, sending all the connections to the other. Obviously, everything will be accessible in both ipv4 and ipv6 and in two different European countries, on two different providers. Synchronization will occur through dovecot's native sync (extremely stable and tested). All technical choices will be clearly explained - the goal of this service is to provide maximum transparency to users on how things will be handled.

#BSD #FreeBSD #OpenBSD #NetBSD #emailHosting #encryption #ZFS #dovecot #opensmtpd #rspamd #emailSecurity #techTransparency #ipv6 #Europe

#OpenBSD may introduces Word into the base system

https://marc.info/?l=openbsd-tech&m=170742832804260&w=2

Running #wayland compositor #sway on #OpenBSD is very easy (only -current at the moment)

- pkg_add sway
- stop xenodm
- log-in as your user in a tty
- run /usr/local/bin/startsway.sh

that's all

Alt...

Screenshot of an OpenBSD desktop running the wayland compositor sway