Should you use a VPN? And other resources

A good friend of mine recently emailed me with the following question:

I’ve been working out of coffee shops a good bit and I think it would be a good idea to use a VPN for a more secure connection. Can you point me to a good resource on how I can do that?

As I was responding to his email, I realized that this short, introductory information on VPNs (and why you SHOULD use one) could be helpful as a blog post. So without further ado, here is an (edited) version of the email I sent in response to the above question:

Short answer:
I would definitely and strongly recommend that you use a VPN.

Longer answer:
While you’re thinking about a VPN for your computer, you might also consider a VPN for your phone – that is, if you connect your phone to coffee shop WiFi.

Personally, I run my own VPN server because I don’t trust (nor am I very familiar with) 3rd party VPN providers. There are a ton of services out there that offer VPN for a small fee (usually, monthly). My VPN server sits here in my home office and routes my internet connection completely through my home internet when I use it. So, I’m sitting in a coffee shop, I connect to my VPN, the traffic between my computer and my house is encrypted and secure, and then from the perspective of the websites I visit, it “looks” like I’m sitting at my desk at home.

Obviously I don’t expect you or the average person to know how to set up your own VPN server. But if you’re going to choose to go with a VPN service, you need to make sure you go with a reputable source. Generally speaking, VPN technology can be very weak (if configured improperly), or very secure (if configured properly).

Lots of 3rd party providers don’t do a good job with security (hence the reason I distrust 3rd party providers by default). I use an open source technology called OpenVPN (https://openvpn.net/) for my software, and then as I mentioned earlier, the server itself is located at my house. So I have fully configured and secured my own server.

This looks like a really good place to start, in terms of searching for 3rd party providers. I generally trust CNET, and like most of the things they put out: https://www.cnet.com/best-vpn-services-directory/. Another resource that looks like a good introduction is: https://www.pcmag.com/article2/0,2817,2403388,00.asp

Based on the above resources, and (briefly) reviewing their websites, NordVPN or StrongVPN would probably be my recommendation. I don’t know anything about these guys, but this looks like a reasonable option, that is also based on the OpenVPN software: https://www.privatetunnel.com/pricing/

It looks to me like you’d be paying about $5/month for the above services.

Do you use a VPN? If so, is it self-hosted, or do you use a 3rd party VPN service? Who is your service through, and why do you use it? Let me know in the comments!

Fighting Spam: Block entire (T)TLD with Postfix

A Top-Level Domain (TLD) is at the highest level of the Domain Name System (DNS) structure. The domain .com is a TLD. So is .org, .net, and .biz.

I’ve presented on DNS (and BIND) – you can click the link to view my PDF slides (and you can view a listing of all of my posted workshops at https://developcents.com/knowledge-base/#workshops). You can also read an old blog post I wrote on an introduction to DNS & IPv6 at https://developcents.com/2013/10/28/introduction-dns-ipv6/.

But back to this topic… There are a lot of new TLDs, such as .bid and .science. At Develop CENTS, we’ve noticed that spammers are the only ones sending email from domain names inside many of these TLDs.

In an effort to curb this spam, we block email coming from many of these TLDs completely. Here’s how you can too (these instructions are for CentOS servers, but can of course be adapted to your particular Linux distribution and wherever your Postfix configuration files are located).

1. Create a file in /etc/postfix, and name it “reject_domains”
(vim /etc/postfix/reject_domains)

2. Here are the current contents of our reject_domains file – it’s growing, but we currently are blocking email from 15 different TLDs:

/\.pro$/ REJECT We reject all .pro domains
/\.date$/ REJECT We reject all .date domains
/\.science$/ REJECT We reject all .science domains
/\.top$/ REJECT We reject all .top domains
/\.download$/ REJECT We reject all .download domains
/\.work$/ REJECT We reject all .work domains
/\.click$/ REJECT We reject all .click domains
/\.link$/ REJECT We reject all .link domains
/\.diet$/ REJECT We reject all .diet domains
/\.review$/ REJECT We reject all .review domains
/\.party$/ REJECT We reject all .party domains
/\.zip$/ REJECT We reject all .zip domains
/\.xyz$/ REJECT We reject all .xyz domains
/\.stream$/ REJECT We reject all .stream domains
/\.bid$/ REJECT We reject all .bid domains

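3. Edit /etc/postfix/main.cf and add the following setting (the second line must begin with whitespace so that Postfix reads it as a continuation of the first):
smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/reject_domains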

4. Reload Postfix:
postfix reload

You’re done. Hopefully this will help you combat spam too.
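
Before reloading, it helps to see which senders a table like this would actually reject. The following dry run is an added example, not part of the original instructions: it approximates Postfix pcre table matching with Python's `re` module (first matching rule wins, case-insensitive unless the `i` flag toggles it off), and the function names and sender addresses are constructed for illustration.

```python
import re

# Constructed sample: three rules copied from the reject_domains listing above.
SAMPLE_TABLE = r"""
# comment and blank lines are skipped
/\.pro$/ REJECT We reject all .pro domains
/\.science$/ REJECT We reject all .science domains
/\.bid$/ REJECT We reject all .bid domains
"""

RULE = re.compile(r"^/(?P<pattern>.*?)/(?P<flags>[a-zA-Z]*)\s+(?P<result>.+)$")

def parse_table(text):
    """Return [(compiled_regex, result), ...] in file order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a /pattern/ result rule: {line!r}")
        # Postfix pcre tables are case-insensitive by default; an "i" flag toggles that off.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pattern"], flags), m["result"]))
    return rules

def lookup(rules, sender):
    """First matching rule wins; None means this table does not reject the sender."""
    for regex, result in rules:
        if regex.search(sender):
            return result
    return None

def dry_run(rules, senders):
    """Map each sender address to the table's verdict."""
    return {s: lookup(rules, s) for s in senders}

# Constructed sender addresses, including near-misses that must not be rejected.
SAMPLE_SENDERS = ["promo@example.bid", "News@Example.SCIENCE", "carol@example.pro",
                  "alice@bid.example.com", "dave@example.pro.uk", "bob@example.com"]

if __name__ == "__main__":
    for sender, verdict in dry_run(parse_table(SAMPLE_TABLE), SAMPLE_SENDERS).items():
        print(f"{sender:26} {verdict or 'no match'}")
```

On the server itself, `postmap -q "user@example.bid" pcre:/etc/postfix/reject_domains` runs the same lookup against the real table, and `postconf -m` shows whether pcre support is installed.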

Need help with your Linux web or email server? Contact me at https://developcents.com/contact/ to start a conversation.
