--- Log opened Fri Jan 21 00:00:28 2022
05:59 <@Dolemite> mr0ning, be0tches and h0ez!
07:39 < Evilpig> fuckin' customers
07:40 < Evilpig> I completed a work order back in october to add some nfs mounts to a system
07:40 < Evilpig> this morning I got a high priority page because those mounts aren't working and they are in the middle of some big weblogic change from old servers to new
07:41 < Evilpig> the ACL for the nfs mount was never updated by storage so these don't have access and NOW it's an emergency because they're in the middle of the change and nobody vetted their environment in the previous three months
07:45 <@Dolemite> Well I guess I'm going to go with spinning up a VM here at the house to run mail-in-a-box and then route all the outbound email through my Digital Ocean droplet once the IP block gets removed from the dnsbl over in Germany that decided to add it.
07:47 <@Dolemite> Mail-in-a-Box is pretty freakin' sweet in terms of it all being tightly integrated, but I don't like having my DNS tied to a single box, so that's the one part I'll skip
07:49 < Evilpig> might look at running https://www.mailcleaner.org/ in front of that
07:49 < PigBot> MailCleaner - Open source Anti spam & Antivirus gateway - Email Filter (at www.mailcleaner.org) https://tinyurl.com/y7k3mrkt
08:06 <@Dolemite> Do you run your email out of home?
08:09 <@Dolemite> The whole outlook.com vanity domain rules are horseshit.   You also can't add in DKIM signing for the family account domains.
08:48 < Evilpig> My email is through office365 but I was looking to move it to the family plan but that vanity domain thing is a full stop
08:48 <@Dolemite> yeah
08:48 < Evilpig> it doesn't do dkim either?  because I have that also set up
08:49 <@Dolemite> Looking at Amazon WorkMail now
08:49 <@Dolemite> Correct, no dkim signing for your vanity domain
08:49 < Evilpig> I have all the mail hit here and run through mailcleaner, then I forward to o365
08:50 <@Dolemite> But I'm fighting two fires now, because I realize that Digital Ocean has apparently started blocking port 25 inbound on the droplets to combat spam...   which I didn't get notified about
08:50 <@Dolemite> But of course I'm blocked on port 25 outbound here by my ISP
08:51 < Evilpig> jesus that's a mess all around
08:51 <@Dolemite> Do you know if your connection blocks port 25 outbound?   Can you see if you can connect to repo.opendcim.org:25 via telnet?
08:51 < Evilpig> you can get around that by using ssmtp
08:51 <@Dolemite> I have 587 enabled already
08:52 < Evilpig> Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-21 08:52 CST
08:52 < Evilpig> Nmap scan report for repo.opendcim.org (138.197.14.138)
08:52 < Evilpig> Host is up (0.028s latency).
08:52 < Evilpig> PORT    STATE SERVICE
08:52 < Evilpig> 25/tcp  open  smtp
08:52 < Evilpig> 587/tcp open  submission
08:52 < Evilpig> Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
08:52 < PigBot> Nmap: the Network Mapper - Free Security Scanner (at nmap.org) https://tinyurl.com/h7sk2rg
08:53 <@Dolemite> ok, so they must only be blocking it on new accounts
08:54 <@Dolemite> but one of the DNSBL providers has their entire IP block currently listed, so my attempt to forward to outlook.com bounced
08:55 <@Dolemite> It really pisses me off that you go through the effort of setting up DKIM, SPF, and DMARC - which are much better tools for battling spam - and the big cloud providers still use the sledgehammer approach of blacklists
08:57 < Evilpig> how did call me kat get a second season?  it really hasn't gotten any better
08:58 <@Dolemite> I was confused by that one
08:59 <@Dolemite> They must have had to promise 2 seasons to get Mayim to agree or something stupid like that
08:59 <@Dolemite> Even Pamela stopped watching it
09:00 < Evilpig> on the other hand this "Ghosts" show tickled the shit out of me this week.  http://www.thetvdb.com/?tab=series&id=400267
09:00 < PigBot> Ghosts (US) - TheTVDB.com (at www.thetvdb.com) https://tinyurl.com/y9ep6qou
09:06 <@Dolemite> Have you been watching American Auto?
09:06 < Evilpig> never heard of it
09:07 <@Dolemite> Check it out.   It's a new series from the creators of Superstore.
09:07 <@Dolemite> One of the main characters is played by the warehouse guy from Superstore.
09:07 < Evilpig> grabbing it now
09:23 <@Dolemite> ok, mail-in-a-box won't run on anything newer than ubuntu 18.04, so that one's out the door
09:32 <@Mirage_> What's wrong w/ just running sendmail?
09:34 <@Dolemite> Mirage_: other than it being sendmail?    The fact that I need something that my wife and parents can use from both web browsers and mobile devices
09:36 <@Dolemite> Unfortunately we've been deep into the G Apps ecosystem for 15+ years, so unraveling all of that takes a lot of effort...   but damn, $6/month/user turns into a major amount pretty quick, especially for infrastructure that's all automated on their end
09:37 <@Mirage_> My aunt/uncle/cousins don't have any problems getting their email from my sendmail+IMAP and Squirrelmail for web access.
09:41 <@Dolemite> Well it would definitely never be sendmail.   Postfix, yes.   Sendmail, fuck no.
09:42 <@Dolemite> But that's similar to what I'm doing, only it's Postfix + Dovecot + Roundcub + SOGo + SpamAssassin + ClamAV + LDAP (for virtual users)
09:42 <@Dolemite> Because given how shitty of a password my family members use, they won't have actual account entries on my VM
09:43 <@Mirage_> I don't like Roundcube for one specific reason, which is that (in the past at least) you can't set the IMAP target in the config and block users from making changes or adding whatever the hell they want to it.
09:44 <@Dolemite> Roundcube has made quite a lot of updates in the past couple of years.   I haven't got mine up, yet, but I'll look for that.
09:45 <@Mirage_> I still used DSpam+ClamAV, which hasn't been updated in ages, but still works just fine
09:46 <@Mirage_> And of course I use the old classic Washington IMAP vs Dovecot.
09:48 <@Mirage_> I do just create local users for ppl and set aliases for vanity mail names, but they all get /sbin/nologin for a shell and don't get added to any of the access control groups for anything.
09:50 <@Mirage_> And yes, once again I'm confirming my membership in the 'newer != better' crowd.  
09:56 <@Mirage_> Snagged Ghosts, so far I hate the husband.
09:59 <@Mirage_> Evilpig: Ambassodor kit finally showed up
09:59 <@Mirage_> Took about a month and a half.
10:08 < Evilpig> nice.  so you have your cards now
10:08 < Evilpig> Mirage_: the husband amuses me the more he's around
10:10 <@Mirage_> She has hers.  I'd already bought some cardstock and printed out a few for her from the PDF they had linked in her profile.
10:23 <@Dolemite> Are you now a Maker's Mark Ambassador?
11:14 < Evilpig> fuckin' hell
11:14 < Evilpig> just got another email from the elementary school about covid
11:14 <@Mirage_> Dolemite: No, I signed the wife up for it as a xmas gift.
11:15 < Evilpig> last email was two days ago on the 19th.  total cases for the year #43.  today.... #57
11:15 < Evilpig> it's the gift that keeps giving each year too.
11:16 <@Mirage_> It's decidedly difficult to figure out what to get for occasions when you don't really need anything and get stuff for each other throughout the year anyway.
11:16 < Evilpig> same problem we have here
11:16 < Evilpig> I got her a gift card to sperry's
11:17 < Evilpig> technically I got it because I was at costco and at christmas they have those $100 gift cards discounted to $80 so I was like, hell yeah.
11:51 <@Dolemite> Mirage_: I hear ya.   I have no idea what to get the wife for our anniversary, other than a card and some flowers.   I already got her some new jewelry when we were in Cozumel last month.
12:33 < Evilpig> Mirage_: this american auto is very much like superstore, but I see that justin spritzer is in the credits so that makes sense for the format
12:33 < Evilpig> another updated "office"
12:42 <@Mirage_> Evilpig: that was Dolemite.  I haven't watched either of those...and never really likesd "The Office"
12:52 <@Mirage_> In a way I kinda envy all the people dying right now for one main reason, they don't have to deal with all this stupid bullshit anymore.
13:09 < Evilpig> I hear that
13:10 <@Mirage_> I think Anderson Cooper summed it up nicely, "Like a clown car on fire."  That was only pointed at one thing, but it fits so many others.
13:37 <@aestetix> https://www.al.com/news/2022/01/alabama-tops-45-covid-positivity-rate-among-highest-in-nation.html
13:37 < PigBot> Alabama tops 45% COVID positivity rate, among highest in nation - al.com (at www.al.com) https://tinyurl.com/ydg4py56
13:37  * aestetix hugs Dolemite 
13:37 <@Dolemite> "Biden isn't doing enough to tackle Covid!"
13:37 <@aestetix> I mean
13:37 <@aestetix> I watched the entire press conference
13:37 <@aestetix> I thought he did a good job
13:37 <@Dolemite> You can't fix stupid
13:38 <@aestetix> but I guess that makes me a communist... or a nazi...
13:38 <@aestetix> not sure which
14:25 <@Dolemite> So apparently Hotmail/MSN/Outlook decided in 2020 to basically block everybody (including AWS, or maybe especially AWS) and then require that you request an unblock for your IP.
14:26 <@Dolemite> So if you need to deliver to outlook.com you have to put in a ticket and work it with them.   There are several very long threads on discussion boards that back that up.
14:26 <@Dolemite> I have finally reached the "Real Human" stage, so hopefully not much longer for me.
14:38 <@opticron> aestetix, we're number one! hooray!
14:38 < Evilpig> "Biden isn't doing enough ..."  insert generic statement without any valid points to where he could do better
14:39 < Evilpig> and then for the ones that aren't even bothering to look into current events "Sleepy joe doesn't even know the camera is on"
14:39 < Evilpig> or "Does Biden know that he's at the podium?  Who is letting this old man with dementia talk?"
14:40 <@aestetix> Evilpig: god forbid he pauses to think through what he's about to say before he says it
14:41 < Evilpig> or make a mental stumble going from one point to his next.  I get the bashing on trump for his fumbles but that motherfucker just kept on going... covefe
14:58 < Evilpig> Dolemite: you use containers. blech.  when docker pulls an image from a registry, https?
14:58 < Evilpig> anything special there or is it just an http(s) connection ?
16:00 < eryc> someone did a deep dive on what docker does with the registry but i believe its just https
16:03 < eryc> https://docs.docker.com/registry/spec/api/#overview
16:03 < PigBot> HTTP API V2 | Docker Documentation (at docs.docker.com) https://tinyurl.com/o5jc6xc
16:03 < eryc> can't find the blog post i read
16:13 < Evilpig> it was http.  our firewall guys just suck
16:14 < Evilpig> we were working on deploying red hat openshift completely automated via vsphere and were hitting issues with it loading containers because of egress blocks
17:40 <@Dolemite> Evilpig: by default the docker command tries https
17:40 <@Dolemite> Are you using an internal registry?
17:54 < Evilpig> we will have an internal registry and also a walled garden curated by red hat
18:17 <@Dolemite> Ok, well the internal registry, if setup correctly, should be using https as well
18:18 <@Dolemite> But you definitely want one...    don't want to have a hard fail on being able to start up essential services because the network connection to Docker Hub went down.   heh.
18:18 <@Dolemite> We use Harbor, which is open source contribution from vmWare.   https://harbor.io
18:20 <@Dolemite> But your folks will likely follow along with the RedHat branded one, Quay
18:21 -!- PigBot [~PigBot@wilpig.org] has quit [Read error: Connection reset by peer]
18:21 -!- PigBot [~PigBot@wilpig.org] has joined #se2600
18:37 < Evilpig> We have an internal registry set up with gitlab so that will be allowed
18:37 < Evilpig> quay is already in the mix from our PoC
18:52 <@Dolemite> Time to visit Fraggle Rock
18:56 < eryc> https://ossindex.sonatype.org/
18:56 < PigBot> Sonatype OSS Index (at ossindex.sonatype.org) https://tinyurl.com/ybtuefbo
21:51 -!- Dolemite [~scott@user/dolemite] has quit [Read error: Connection reset by peer]
21:55 -!- Dolemite [~scott@h96-60-57-195.cncrtn.broadband.dynamic.tds.net] has joined #se2600
21:55 -!- Dolemite [~scott@h96-60-57-195.cncrtn.broadband.dynamic.tds.net] has quit [Changing host]
21:55 -!- Dolemite [~scott@user/dolemite] has joined #se2600
21:55 -!- mode/#se2600 [+o Dolemite] by ChanServ
--- Log closed Sat Jan 22 00:00:29 2022