[Cerowrt-devel] in the post-cisa world
dave at taht.net
Mon Feb 15 14:16:18 EST 2016
I have been considering exiting the cloud as much as possible for my
personal email in particular, and since storage tends to be expensive in
the cloud, to keep that also locally for at least some stuff.
Barrier #1 to doing that is that comcast blocks port 25 on residential
links (I want to upgrade to business class after I can get a dedicated
ipv6 allocation, which I hope they will start to offer soon. It is not
clear if you can get both a dedicate ipv4 ip and ipv6 ip or just a
Even then, though, barrier #2 - the prospect of being a drive-by spam
target - bothers me, so having a box in the cloud that can "turnaround"
and rate limit stuff from port 25 there to my vpn here seemed ideal...
except that good anti-spam requires that there be a reverse lookup on
the origin ip and spf record that you lose that way, before you can get
as far as starttls. I thought of maybe leveraging xnetd to do the rate
limiting and turn around bits, and have it fire off some sort of script
to do the verification, or/and now I'm looking over the "postscreen"
utility in postfix - am allergic to store and forward...
The folk doing darkmail seem to be making slow progress.
As for vpn technologies, I have long longed to have one that was
FQ-compatible: one that did not serialize different flows. Openvpn and
ipsec are not particularly good that way.
It has long looked like tinc 1.1 was ideal for hacking on (the idea is
to listen and/or transmit on 1024 or more ipv6 addresses, and hash
different flows across those with a cake equivalent internal to the daemon)
There is a metric ton of other new technology like ipfs, maidsafe, etc -
cheap two factor authentication devices - damned if I know what the
future is going to look like. I played with whispersoft's stuff as well
as silent circle's. Tox is pretty neat, just needs the groupchat stuff
to finalize... (anyone trying that?) Etc.
More information about the Cerowrt-devel