#Rootspirit

First of all, create your certificates (the regular way). I created one with multiple domains: webmail.rootspirit.com, mail.rootspirit.com, smtp.rootspirit.com.

In my case, as the mailserver and webserver are behind a proxy (postfix, imap, Roundcube Webmail), I create the certificate on the proxy (nginx) and scp the cert to the mail server. All this is automated with a tiny script.

For Postfix, edit main.cf and change/edit/add these lines (check the right path too!):

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/letsencrypt/webmail.privkey.pem
smtpd_tls_cert_file = /etc/ssl/letsencrypt/webmail.fullchain.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/urandom
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/postfix/dhparams.pem
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_use_tls=yes
smtpd_tls_security_level=may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel=1
smtp_tls_loglevel=1

And restart postfix: /etc/init.d/postfix restart

If you're running Postfix, add this line to main.cf:

Restart Postfix, and retry.

PS: You can set encrypt instead of may -- but this can cause issues with Amavis and/or SpamAssassin.

I had the same theme for over four years. I’ve made quite a few custom css and PHP edits myself, and it had been outdated for ages… But it served me well.

However, it’s now time for something new.

As always, as minimalistic as possible.

On a side note, this blog has been moved from vm1 (and one before that) a virtual machine running on a dual Xeon 3070 (2.66Ghz) at Databarn to Akama, a VM on an 8 core Xeon E3-1230 (3.2Ghz) at Leaseweb.

Yay, after some hardware issues my blog’s back.

Zero had a corrupt reiserfs. Decommissioned the old P4 and replaced by a brand new dual Xeon. Running Xen and Debian instead of Gentoo.

And shortly there after Four (the server that hosts this VM), the Ubuntu host with Xen refused to start its networking, so I decided to start a fresh install (Debian as well this time).

One, who also had a broken hard disk (an old P3) got decommed as well.

Oh lord. I seem to have entirely forgotten One’s, euh, uptime-day. (Yea, blame my business trips in Beijing & San Francisco for that).

But… Over 2 years! yay

As you noticed… Or perhaps didn’t notice, I’ve started using a new, simplistic theme a couple of days ago.

Kinda thought it might be too simplistic (I’ve hidden the sidebar, there’s no search or archive, etc), but I started to, you know, get attached to it.

So it’s here to stay, for a year or something. I guess.

I’ve also noticed that the long load times on my blog were WP_Buzz’s fault. Nice plugin, but 15 to 45 seconds of load time per uncached page wasn’t really worth it. Hope it can be fixed.

Big grats to good old Zero and its one year uptime! ;)

Has a year uptime as well! Yay ;)

It's the one at the bottom. Running Ubuntu as OS (Dom0) and several Xen virtual machines (such as the nginx reverse proxy cache of this blog). Four is a dual core Xeon with 8Gb RAM.

Big grats to One, with its one year uptime. ;) And been running for over 1500 days ! Old server is getting old. :(

(The 2nd one from the top ;), resting on that Xserve)

This is an old dual P3 I got off eBay years ago. This blog is running on that server. It's running Gentoo as OS.

Next up is Four and about an hour after that Two! Geekyness!