Apparently I installed that thing in 2006 and I last updated it in 2016, then I quit updating it for some reason that I totally forgot. Probably laziness…
It’s been running for quite some time and we kind of forgot about it in the closet, until the SSH tunnel we use to get our mail outside our home stopped working because modern openssh clients refuse to use the antiquated key cipher I setup client machines with way back when any longer.
I just generated new keys with a more modern cipher that it understands (ecdsa-sha2-nistp256) and left it running. Because why not 🙂
- n2burns ( @n2burns@lemmy.ca ) 103•16 days ago
Because why not 🙂
Because security.
It’s behind a firewall. The only thing exposed to the outside is port 22 - and only pubkey login too.
And gee dude… It’s been running for 18 years without being pwned 🙂
- imPastaSyndrome ( @imPastaSyndrome@lemm.ee ) 73•16 days ago
It hasnt been pwned so far
- Possibly linux ( @possiblylinux127@lemmy.zip ) English8•16 days ago
For that matter, it hasn’t been ransomwared. There are so many ways to hide a compromise.
- ivn ( @ivn@jlai.lu ) 59•16 days ago
without being pwned
How do you know?
- Hupf ( @Hupf@feddit.org ) 23•16 days ago
There’s a file called /pwnedornot and it contains “no, you’re safe bro”
- n2burns ( @n2burns@lemmy.ca ) 50•16 days ago
And it’s not like it contains any sensitive information. I’m sure all your emails are just friendly correspondence with your pen pal.
- schizo ( @schizo@forum.uncomfortable.business ) English23•16 days ago
I’d still maybe build a modern OpenSSH package.
There’s been an awful lot of RCEs in the past two decades and uh, if that’s rawdogging the internet, I’m honestly shocked you haven’t been hit with any by now.
- Lucy :3 ( @30p87@feddit.org ) 19•16 days ago
How do you know? Do you constantly monitor running processes, performance and network connections?
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English17•16 days ago
sorry, but what kind of email server listens only on SSH?
- Possibly linux ( @possiblylinux127@lemmy.zip ) English5•16 days ago
How do you know? OpenSSH is pretty good but it isn’t impenetrable. Especially for almost 10 years.
- phoenixz ( @phoenixz@lemmy.ca ) 28•16 days ago
You send mail to Gmail and Hotmail and it’s actually accepted? How?
- Max-P ( @Max_P@lemmy.max-p.me ) 22•16 days ago
Patience. It really helps to have all the latest set up: SPF, DKIM, DMARC. Then after that it’s a matter of IP reputation, you can email the various blocklists and you wait for the rest of them to clear on their own.
I’ve had that IP for 10 years and it has never sent spam, and I’ve sent enough emails that people open that it actually does get through fine. I haven’t had to think about it for a long time, it just keeps on working. Barely had to even adjust my Postfix config through the upgrades.
- merthyr1831 ( @merthyr1831@lemmy.ml ) English26•16 days ago
Genuinely surprised when I see people running mail servers without issue. I suppose getting in relatively early means you’re not immediately sent to junk mail lists by the big players.
- Shdwdrgn ( @Shdwdrgn@mander.xyz ) English26•16 days ago
Unfortunately that’s not true. I’ve been running mail servers under my domain since around 2000, almost as long as Microsoft has been running Hotmail, and I was certainly following good standards like SPF and DKIM well before they considered such a thing… and yet Microsoft is the bane of my mail server’s existence. Despite no compromises resulting in spam blasts, MS still regularly shuts me out with no reason given and no hits showing on their monitors. If I can find their email address to ask what the problem is, I get a generic “your domain has been cleared” sort of reply but never any reason why they blocked me in the first place.
- kungen ( @kungen@feddit.nu ) 4•16 days ago
Do you have a “spammy” TLD?
- Shdwdrgn ( @Shdwdrgn@mander.xyz ) English4•16 days ago
My primary domain is something that people have blacklisted because four letters happen to partially match a word that could be spammy (how ridiculous is that?), however the mail servers (the ones they keep blocking) are attached to my computer business name which I registered in 2006, so there’s really no reason why they should block it for that reason.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English3•16 days ago
To be far you didn’t update for almost a decade. The large email provides fear you
- some_guy ( @some_guy@lemmy.sdf.org ) 16•16 days ago
It’s had a good run. Let the little guy have a rest. Whatever you replace it with will consume less electricity.
- Findmysec ( @Findmysec@infosec.pub ) English16•15 days ago
Family email server? Your family have an email server to themselves? You managed to deal with block lists over 2 decades and more?
My utmost respect to your dedication
- superkret ( @superkret@feddit.org ) 1•12 days ago
If it’s 2 decades old, it was probably grandfathered into all whitelists.
- limelight79 ( @limelight79@lemm.ee ) 15•16 days ago
I gave up running an email server long ago - I thought it was basically impossible because too many spammers were doing it for nefarious purposes.
- Charadon ( @Charadon@lemmy.sdf.org ) English10•16 days ago
Please tell you to at least have Freexian patches installed…
- Possibly linux ( @possiblylinux127@lemmy.zip ) English8•15 days ago
This is how massive botnets form
- Kabutor ( @Kabutor@lemmy.dbzer0.com ) 10•16 days ago
you name your servers with nuclear subs names?
I’m a kid of the cold war.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English8•16 days ago
I hope you get your data off and then burn it and everything around it. It could be easily compromised you knowing. It could easily be used for spamming
- GolfNovemberUniform ( @GolfNovemberUniform@lemmy.ml ) 6•16 days ago
That’s the power of Linux. It can work for decades without issues.
- UnbalancedFox ( @UnbalancedFox@lemmy.ca ) 3•16 days ago
Or 5 minutes and you pull your hairs out 😂 then reinstall because you screw up something without any idea how to fix it.
- GolfNovemberUniform ( @GolfNovemberUniform@lemmy.ml ) 3•16 days ago
You can screw up Windows Server too. My comment wasn’t about that.
- UnbalancedFox ( @UnbalancedFox@lemmy.ca ) 1•15 days ago
I know
- hamid 🏴 ( @hamid@vegantheoryclub.org ) 6•15 days ago
Believe it or not I’ve come into contact with Microsoft Exchange 2010 running on Server 2008 for 2000 days once. The company had ransomware.