Coder, Sysadmin and BSD enthusiast.
Mail Server Hardening: DANE, DNSSEC, TLSA and Secure TLS on FreeBSD
Motivation Running your own mail server goes far beyond simply sending and receiving messages. With the rise of TLS downgrade attacks, spoofing, and SMTP traffic interception, adopting modern standards like DANE, DNSSEC, and TLSA is no longer optional for anyone who takes security seriously. This post documents the hardening process of a mail server running Postfix 3.11 on FreeBSD, all the way to achieving 100% on Internet.nl — with a Hall of Fame entry. ...
The Definitive Media Server Saga: FreeBSD, ZFS and Escaping Cheap USB Enclosures
The idea was simple: give a second life to two battle-hardened Seagate IronWolf 2TB drives (with over 6 years of continuous uptime) as a high-speed Media Server. The chosen “brain” was a Mini PC running the rock-solid FreeBSD. All I needed was a Dual Bay USB 3.0 external enclosure (DAS) to connect the drives. What I didn’t expect was that this simple premise would turn into a full-blown saga against haunted firmwares and terrible hardware quality — until I finally reached the perfect setup. ...
Field Optical Connector: What Nobody Tells You
It all started with a simple relocation. I needed to reposition my MikroTik RouterBOARD to make room for a DAS (Direct Attached Storage) that was on its way. Simple operation: disconnect the fiber, move the equipment, reconnect. Except when I removed the cable, the SC/APC connector ferrule got stuck inside the GBIC module. Simple problem, simple solution — or so I thought. The setup A quick context before diving into the saga: instead of using the standard HGU provided by my ISP, I use a GBIC module connected directly to the RouterBOARD, cloning the original equipment’s information. This approach gives me much more control over the network, superior stability, and proper IPv6 support — something generic ISP-provided HGUs in Brazil still struggle with. ...