My Email System

As I’ve said in blog posts before, I am a strong believer in internet decentralisation, especially with regard to email. Today, I’m going to explain my whole system – from email clients to server, from DNS to domain.

The Server (VPS)

For the VPS (virtual private server) I run my email server from, I went with a €5/mo plan with the German company Contabo. But it’s always worth looking around for good deals with VPSs, as pricing can be very competitive. Linode, for example, will give you a $100 free 60-day credit if you use this URL: linode.com/unplugged (this code is from a podcast I listen to – Linux Unplugged).

My server runs Ubuntu Server 18.04 LTS, though I plan to update this to 20.04 LTS soon. Debian is a great server OS too.

The Email Server

For the email server, I use Dovecot, Postfix, SpamAssassin, and OpenDKIM. I did try to set this up myself, but found it to be a huge pain. Instead, I used Emailwiz by Luke Smith, which set everything up, though I did have to comment out one line in Dovecot config about SSL, so maybe watch out for that. Other good email software examples are MailCow, iRedBox, and MailInABox – the issue I had with all of these is that they require Nginx to run, and I much prefer Apache.

Emailwiz is a very customisable solution; for example, if you want auto-replies, virtual users, etc., you may want to install PostfixAdmin. To add aliases (hello@example.com > you@example.net), you can do it via CLI or using Webmin.

The Domain

*sighs*. It took me a long time to find the right domain – 4 months. At first I just used jacobsammon.com – but this had issues. First off, jacob@jacobsammon.com is long, and people have to spell my last name – I was going to buy jacobsalmon.com for this very issue, but it was snatched up by some bot as it expired (I checked WHOIS and it had been registered 15 minutes ago).

In the end, I opted for eml.pm – I love it. It’s short, recognisable, and actually means something. Eml means email, and .pm means private message (not really, but that’s how I see it). This has a few caveats, though: .pm is a ccTLD with restrictions requiring you to be a resident of the EU or EEA. I got around this as I registered it 3 days before the end of the UK-EU transition period, and AFNIC have said I can keep it and renew it. If you are wanting a .pm domain, I recommend using INWX and using their proxy service; the entire domain with the service will cost around €13/year.

Mine personally was registered with OVH; if you’re eligible to have a .pm, they have quite cheap pricing (£8.50/year ish), and include DNS, WHOIS protection, a 5 GB email account, email forwarding, and web hosting.

DNS

So I know I mentioned that I registered eml.pm with OVH, and that they include DNS, but I decided to switch to Hurricane Electric, because when I enabled email for my email redundancy (more on that later), OVH overwrote some of my DNS, and it was much easier to move to Hurricane Electric.

Hurricane Electric are actually really good. Better than I expected. Though the interface isn’t super user-friendly, you get used to it – I quite like it.

Other free DNS services include places like Cloudflare. I personally host my own DNS server, but didn’t put eml.pm on it, because if my main server goes down, and DNS, my email redundancy becomes futile.

Email Redundancy

I recently wrote a blog post about email redundancy, sort of explaining it. So I use OVH’s included email forwarding and have it set so some addresses forward to other email providers (ProtonMail).

When OVH gave me the records I needed to add to my DNS to allow for forwarding, I changed them a tad.

OVH wanted me – from memory – to put their primary server at an MX priority of 1, and secondary at an MX priority of 100. Instead, I put their primary at 30, and secondary at 50 (my main one is at 10).

This means if an email is not able to reach my main server, it’ll then go to OVH’s primary, then OVH’s secondary. I took down my email server and did a test – this all works.

Email Clients and Webmail

For a long time, I used Rainloop webmail, I still actually have an instance installed on my Nextcloud instance. But, I recently found something much better: Roundcube. I can’t recommend Roundcube enough, it’s modern, fast, responsive, and supports hundreds, if not thousands of great plugins.

As a local email client, I use Thunderbird. It’s not perfect, but I like it.

Summary

In summary, I really like my email system. I do pay around £5/mo for it, but have 200 GB storage and loads of other great features. It’s cheaper than any of the privacy-based mail providers, and I pay in cash, not with my privacy.

Easy Email Redundancy to Put Your Mind at Rest

So, I run my own email server – and I love doing so. Whilst there are issues, inconveniences, and all the rest of it, I do enjoy running my own system. But my email server runs on the same server as everything else – and that’s an issue, as I tend to break things.

I’ve previously received no emails for 24 hours, and only realised after said 24 hours – and that’s sucked. So I wanted a solution, my first instinct was just a new VPS, to pay £4.20/month for some low-spec VPS from OVH; but that wasn’t really sustainable or cost effective.

Today I had a revelation – I realised what MX priority was!

In essence, when you add an MX record in your DNS manager, you give it a priority. When someone sends you an email, the sending server looks up your domain’s MX records and first tries the host in the record with the lowest priority number, then works its way up – the higher the number, the later it’s tried.

So here’s an example of a standard email setup (excluding TTL), for the example domain example.net:

TYPE   DOMAIN                       PRIORITY
MX     mail.server1.example.net.    10
MX     mail.server2.example.net.    50

So an email being sent from – for example – tom@example.org to jo@example.net would first be sent to the mail server at mail.server1.example.net. If this works, nothing more would be done, and it would be delivered as usual. If this didn’t work, it’d be sent to the backup server at mail.server2.example.net.

So in my example, OVH included free email forwarding with my domain (the majority of decent registrars do). This meant I was able to set mine up as follows:

TYPE   DOMAIN                PRIORITY 
MX     mail.eml.pm.          10
MX     mx4.mail.ovh.net.     30
MX     mx3.mail.ovh.net.     50

I have the OVH records set to just forward emails to my address to a Yahoo account I don’t use. You could use ProtonMail or another more privacy-focused provider, though.

EDIT: OVH decided to overwrite all of my DNS records – oh the joy. I didn’t notice for ~8 hours… now switching to HE.net.
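
An added example, not part of the original post: a small Python check that orders MX records the way a sending server does and flags drift from the expected set, which is how an overwrite like the one in the EDIT above can be caught early. The EXPECTED records come from the table above; the dig-style sample answers and all function names are constructed for illustration.

```python
# Added example (not the author's code). EXPECTED is copied from the MX table
# above; the "overwritten" answer is a constructed sample.

EXPECTED = {
    (10, "mail.eml.pm."),
    (30, "mx4.mail.ovh.net."),
    (50, "mx3.mail.ovh.net."),
}

# Constructed samples in the format printed by `dig +short MX <domain>`.
LIVE_OK = """\
30 mx4.mail.ovh.net.
10 mail.eml.pm.
50 mx3.mail.ovh.net.
"""
LIVE_OVERWRITTEN = """\
1 mx4.mail.ovh.net.
100 mx3.mail.ovh.net.
"""


def parse_mx(dig_output):
    """Turn '<preference> <host>' lines into a set of (int, fqdn) tuples."""
    records = set()
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blanks, comments and anything malformed
        host = parts[1].lower().rstrip(".") + "."  # normalise case and trailing dot
        records.add((int(parts[0]), host))
    return records


def delivery_order(records):
    """Hosts in the order a sender tries them: lowest preference number first.
    (Real senders pick randomly among equal preferences; ties here sort by name.)"""
    return [host for _, host in sorted(records)]


def first_reachable(records, reachable):
    """Host that ends up receiving the message, or None if every MX is down
    (the sender then queues the message and retries later)."""
    for host in delivery_order(records):
        if host in reachable:
            return host
    return None


def drift(expected, live):
    """Records that vanished from, or appeared in, the live DNS answer."""
    return {"missing": sorted(expected - live), "unexpected": sorted(live - expected)}


if __name__ == "__main__":
    print(delivery_order(parse_mx(LIVE_OK)))
    # Main server offline: mail falls through to the forwarder at preference 30.
    print(first_reachable(EXPECTED, {"mx4.mail.ovh.net.", "mx3.mail.ovh.net."}))
    print(drift(EXPECTED, parse_mx(LIVE_OVERWRITTEN)))
```

Run from cron against the real `dig +short MX` output, a non-empty "missing" or "unexpected" list is the signal that the zone has changed and mail is no longer reaching the main server first.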

Notes on Linux for Beginners

Linux, for beginners, is daunting. I personally first used a Raspberry Pi, running Raspbian, and, coming from Windows, I didn’t really get it.

After following tutorials and messing about with web servers, media servers, and lots more, I began to understand a few commands, and learnt about things like GRUB, desktop environments, apt-get and other package managers, etc.

But I still felt that things the Linux community wouldn’t shut up about being great… weren’t. For example, I installed programs through the command line with apt, but hated it, and swore by the janky Windows method of scouring the web for executables, using a USB, or something of the sort.

In reality, it was more secure and made updating far easier, plus, everything was just there and worked.

Package managers don’t seem great to beginners because they’re more complicated – or look it – when used from a command line than Windows’ method. One way for beginners to soften the learning curve may be to use a GUI for updating and installing. I personally prefer the command line 99% of the time, but most distros people start on (like Ubuntu) do come with half-decent GUI programs just for this.

Here’s the one I have on POP!_OS (called POP!_Shop):

Another thing a lot of beginners don’t like, nay hate, is LibreOffice.

LibreOffice isn’t bad, per se, it’s just not Microsoft Word, and it really does mess up rendering and fonts of a lot of .docx and .pptx files. An absolutely phenomenal alternative is OnlyOffice.

OnlyOffice is a three-in-one office suite, featuring a PowerPoint, Word, and Excel alternative. All of them are well made, fast, light weight, and render Office-made stuff so well it’s unfathomable.

You might also notice some… design similarities… between OnlyOffice and Microsoft Office:

Oh, and, of course, it’s free and open source, the code is on GitHub.

Anyway, when I started using Linux distros, that was what had me – a decent office suite, and package management.

A Domain To Watch: SaveAmerica45.com (Registered by Trump)

Donald Trump’s campaign, I believe, recently registered SaveAmerica45.com.

On 23rd January, 2021, the domain was registered with GoDaddy before the nameservers were changed to Cloudflare, and the MX server Outlook. The domain also now redirects to donaldjtrump.com.

Trump is currently running some “Save America” campaign, and I suspect he may run it from this domain, or maybe it’s being used for email, or something else.

The registration and DNS trends follow his other domains exactly, these are: DNS with Cloudflare; domain with GoDaddy; email with Outlook.

EDIT: It seems some media has picked up on this (https://www.huffingtonpost.ca/entry/trump-cpac-fundraising_n_603aa9e3c5b617a7e40e172f)

How To Fix Grub Rescue Error

Picture this: I woke up, 8:30, a nice, snowy winter morning. I have a live lesson at 8:45. Not an issue, it only takes 10 minutes to get up.

I get out of bed, boot my computer, and, “ah fuc-”. Grub, everyone’s favourite bootloader, had broken. Again. This is about the 8th time it’s happened to me in 2 years – though admittedly it was my fault each and every time.

Only once, out of eight times, had I managed to fix this error. I was not optimistic.

I sat through my geography class, completing the lesson on my laptop. With this right in front of my face:

(ignore the commands I had tried to run; they didn’t work)

After some Qwanting, and a few failed attempts at using whatever I had booted into, I had an idea.

On my ThinkPad, I flashed a 32 GB USB with a POP!_OS image (any Debian/Ubuntu distro should work) that I already had in my downloads folder.

I then booted into this from my computer (search “[computer model] boot from USB” if you’re unsure), and ran these commands:

sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair

I then selected the top option, or whichever the one not mentioning forums is.

Boot-Repair then repaired Grub! I did actually get an error, which was odd, but everything worked just fine after a reboot.

Maybe try these steps for yourself; I was so relieved to have sorted this!

I hope this helps, since I know how awful a situation Grub deciding to kill itself (or you killing it) can be.

North Korean Internet Stuff

North Korea is known for a lot of things; chief among them is its people’s total isolation from outside influences such as the internet. North Koreans, or around the 10% of the country that lives comfortably, instead mostly have access to the North Korean intranet – the Kwangmyong.

This post just shows a few interesting things I found about North Korea’s internet.


Domains

Since September 2007, North Korea has had the ccTLD (country-code top-level-domain) .kp, following its ISO-3166 code of KP. North Korea initially applied in 2004, though ICANN refused due to it not meeting some requirements. It once again applied in 2006, though this was also denied.

After North Korea finally got its ccTLD in September 2007, it took 3 years for North Korea to get the domain registration system to function.

International registration of domains is strictly forbidden, and, in fact, Star Joint Venture Company, a government-owned enterprise which runs .kp, no longer even has a website. The closest thing that can be found today is an archive of star.co.kp from 2011.

.kp does not have a WHOIS server; though this is not that uncommon for under-developed, poor countries, it is far more uncommon to not even have a web-based version.

Domain registration is allowed under several second-level domains:

Second-level ccTLD    Purpose
.aca.kp               Academic and research institutes
.com.kp               Mostly commercial organisations, and some government propaganda agencies
.edu.kp               Institutions of higher education
.law.kp               Legal firms
.org.kp               Organisations
.gov.kp               North Korean regime
.rep.kp               Party’s propaganda agencies
.net.kp               Network-related companies and email
.sca.kp               Institutes affiliated with the Ministry of Culture

As of 2016, there were 28 registered .kp domains. These were:

airkoryo.com.kp.
cooks.org.kp.
friend.com.kp.
gnu.rep.kp.
kass.org.kp.
kcna.kp.
kiyctc.com.kp.
knic.com.kp.
koredufund.org.kp.
korelcfund.org.kp.
korfilm.com.kp.
ma.gov.kp.
masikryong.com.kp.
naenara.com.kp.
nta.gov.kp.
portal.net.kp.
rcc.net.kp.
rep.kp.
rodong.rep.kp.
ryongnamsan.edu.kp.
sdprk.org.kp.
silibank.net.kp.
star-co.net.kp.
star-di.net.kp.
star.co.kp.
star.edu.kp.
star.net.kp.
vok.rep.kp.

It’s worth noting that we know of at least 1 domain that has since been added: pyongyangtimes.com.kp.


Email

From all the research I have conducted, I can only find one domain that is used for email, and it’s once again run by Star Joint Venture Company: star-co.net.kp.

On practically all North Korean websites, @star-co.net.kp email addresses can be found. For example, on the propaganda news website of pyongyangtimes.com.kp, the email address flph@star-co.net.kp can be found at the bottom.

The domain star-co.net.kp resolves to nothing as it has no IP address attached, however it does have the following DNS records:

star-co.net.kp        MX      smtp.star-co.net.kp      10
star-co.net.kp        MX      smtp2.star-co.net.kp     20

Disclaimer

All information about anything North Korean should be taken with a pinch of salt. It’s very difficult to gather accurate information about the world’s most secretive regime, accordingly, I have cited all of my sources and have stuck to reliable information.

Lynx: a Terminal Web-Browser

I’m not sure what I should call this, but recently I came across Lynx, and thought it was pretty decent software.

Lynx is a terminal based web-browser, that is surprisingly usable(ish)! I managed to do a lot of my day-to-day tasks using Lynx (reading Wikipedia, blogs, searching with Qwant), and now I think about it, maybe I should write the rest of this post in it – let’s try that!

Sadly, no such luck. I could probably write the post by installing the Classic Editor Plugin or by editing the database itself with some JavaScript-less web-app, but that’s too much effort.


If you’re looking to tinker with Lynx, here’s a list of sites that work:

  • Google (google.com)
  • Qwant Lite (lite.qwant.com)
  • CNN Lite (lite.cnn.com)
  • Wikipedia – redirects to ‘alternative Wikipedia’ (wikipedia.org)
  • Jacob Sammon (jacobsammon.com)
  • Unfathomable (jacobsammon.com/blog/)

[Screenshots in Lynx: Wikipedia/Email, Unfathomable/2021]

All in, it’s an interesting piece of software and a bit of fun to play around with. I’m not sure how useful this’d be day-to-day, because sites like YouTube certainly don’t work.

Lynx’s biggest flaw is its lack of JavaScript, it renders so much of the web futile.

Realistically, Lynx is designed to be used by a small group of geeks who are very big on privacy; spyware.neocities.org gives Lynx a rating of ‘not spyware’ – which is always nice.

Poetry is Stupid

Writing should have a meaning. A set and simple one. At the point which literature must be interpreted, it has failed its most basic purpose, and poetry must be interpreted, therefore it has failed its most basic purpose.

You get far more out of reading a book about practically anything than by reading poetry; hell, I’m fairly certain you’d get more out of a toddler’s picture book.

Briton Wanting A European Domain Post-Brexit? Here’s How

On December 31st, 2020, at 23:00, over 66,000,000 people lost access to registering domains under ccTLDs like .eu, .fr, .pm, .it, and many others. This is because the UK left the EU transition period, and, in turn, lost access to many European countries’ domains, and the EU’s .eu domain.

Whilst this is all gloomy, especially for those of us that rely on a European domain (eml.pm for me), there is a solution: domain proxies. A proxy service, usually for a fee, essentially registers a domain on the behalf of an individual/institution from a country where the domain is able to be registered, and allows you full control over it.

You should check the situation with the domain you have by contacting the country that runs the ccTLD you own (you can find these by looking at the article for your ccTLD on Wikipedia).

Do note that some countries are continuing to allow registrations and renewals from Brits, others are only allowing renewals, and others are deleting Brits’ domains (namely .eu). It all depends on what domain you have; so do some research.

In my case, my domain is a French one, meaning AFNIC control it. AFNIC have said that they will not delete any domains registered by Britons before the end of the transition period (31/12/2020), however, when I emailed them, they said I would not be able to renew my domain after it expires in 2022.

So my plan is to, a few months before it expires, move the domain to INWX, a German domain registrar. INWX offer a domain proxy service for several European domains at a reasonable price – just €2.50/year for .pm, compared to around €40/year with 101Domains.

In summary, if you want a European domain post-Brexit, a domain proxy is often your best choice.

The World’s Big-Tech Dependence

Every 3 years or so, Google goes down. Sometimes for a minute, sometimes for an hour.

The most recent example of this was when the majority of Google’s services went down for an hour in December 2020. Gmail, YouTube, Google Sites, Google Search, Google Drive, gSuite – all, and more, gone.

What these outages show us is the sheer power that so-called ‘big-tech’ holds over our lives and businesses. Our communications, entertainment, education, livelihoods all rely on big-tech.

I’m going to give you an unlikely scenario now: Google disbands. Can you imagine the chaos? On my old blog, I wrote a post about just how scary this would be; it’s a scenario that haunts me.

The modern-day technological world relies far too much on just five companies: Microsoft, Amazon, Google, Apple, and Facebook. We use these companies for the software that makes our computers and phones work, the way we communicate, the way we live our lives, our public services (i.e. hospitals, airports). Amazon isn’t usually included in the list of big tech companies, but such a huge amount of the web uses Amazon Web Services (AWS) for hosting that I couldn’t not mention them.

One major cyber attack (cyber-war would be a more appropriate term to use), say from, oh, I don’t know, Russia, China, or North Korea, for example, could wreak devastation across our economy and cut off our communications; it would fundamentally change our lives. And it’d only take five companies to be targeted; don’t get me wrong, I hardly see this as possible, but it could happen.

I recognise this threat. And so should you. I’ve cut my big-tech reliance as much as I possibly can. I run most of my stuff from my own server, eg this blog and my email server.

It’s not as hard as you may think to move away from these dangerous technological giants, and it’s well worth the small price you pay – both in a metaphorical sense, and a real sense (it costs me about £5.50/month for my self-hosted stuff).

The web wasn’t meant to be dominated by five companies; don’t let it be.