Hardening Postfix

Postfix logo

While there are plenty of good (and not so good) anti-spam solutions available, most of them cost a bit of money in terms of purchasing and licensing fees. Even without a dedicated appliance, there are several ways you can harden the Postfix MTA against spam and other internet nasties. In this article, we’re going to look at some ways of hardening postfix that I’ve found effective. Continue reading “Hardening Postfix”

Using blacklists with iptables

If you have any kind of system connected to the Internet, you are no doubt aware that no matter how small or unimportant it might seem, it is frequently probed, tested or subject to various attempts at abuse. These attacks come from so many malicious hosts that it is impossible to keep track by hand. So I started looking for a way to implement an automated blacklist to use with iptables. Continue reading “Using blacklists with iptables”

“Hand over those decryption keys…or else”

Another day, another worrying proposal from the Dutch government. As we await the formation of a new cabinet, Dutch minister of Security and Justice, Ivo Opstelten is seeking to change Dutch law to make it mandatory for suspects of certain crimes to hand over their decryption keys so that law enforcement officers can have access to their private data. Failure to comply would constitute a criminal offence. Continue reading ““Hand over those decryption keys…or else””

Convergence, an alternative to Certificate Authorities

In the aftermath of the Diginotar hack, I wrote an article that mentioned we needed a silver bullet to solve the problems with the current state of SSL and certificate authorities. Of course the Internet wouldn’t be the Internet if such a silver bullet didn’t emerge sooner or later. Famous hacker Moxie Marlinspike has announced Convergence, a tool to verify the identity of websites without the need for a Certificate Authority. Continue reading “Convergence, an alternative to Certificate Authorities”