That’s the period for which I have statistics on the spam and non-spam email that arrived at my mail server. Now that I’ve moved to a new cloud-based Exchange server it seems only appropriate to see how much garbage arrived between February 19, 2008 and July 20, 2013 (I was running my own email server for years before then, but I had to re-build my system and lost the earlier records).
I got my first Raspberry Pi the other day. For those not in the know, it’s a single-board computer — just barely bigger than a credit card — which runs Debian Linux.
It’s astoundingly cool to run a full-fledged version of Linux — including XWindows — on something that size. Particularly when it only cost $35 (well, the power supply is extra, but let’s not quibble about $10).
I bought the device because I need something to wake up my video server when the remote media extenders are trying to connect to it. Due to an oversight in the design of those extenders, they aren’t smart enough to do that automatically. But it’s a simple task to do within linux, using wakenonlan and xinetd.
I’m still working out a couple of glitches, but if I can get the Pi to fulfill this role that removes the last reason I have for running a linux server as my router/NAT/firewall at home. I’m looking to decommission the server, and the companion Windows 2008 server which runs Exchange, so that I can move my email setup to the cloud, simplifying the IT structure around here in advance of our move into a new home.
And, incidentally, saving some money on electricity :).
The high tech critical need detector was operating at its usual 110% efficiency over the last week while we were out of town on vacation. First our Onkyo TR 807N audio/video receiver decided to forget that it had speakers connected to it (as well as its connection to the internet). It’s not much fun watching recorded TV shows without sound, and call me old-fashioned, but watching TV with your family when everyone is plugged in to earbuds just isn’t the kind of togetherness I like.
But the bigger problem was that the arcabama mail server decided to stop processing email last Thursday. Because Exchange, the email server software, had thoughtfully noticed there was “only” 3 or 4 gigabytes of space left on the system drive. Right when we need to stay in touch with the UK Border Agency to shepherd my daughter’s student visa application through the system so she can hopefully start college in Glasgow in a few weeks.
There are several levels of irony here. When I installed Exchange several years ago I carefully configured it to store all of its information on a second, much larger hard disk. Or at least I thought it was set up to put all its data there. Turns out there’s a hidden storage subsystem that marches to the beat of its own drummer. That’s the subsystem that decided to shut down mail processing as a safety measure.
This being Microsoft software I’m not surprised there was a safety-first approach in place. But — again, this being Microsoft — it would have been better to make it easier to truly target everything to another drive (or drives) during setup. Just like it would have been nicer to make it easy to switch that kind of subsystem’s target. Turns out it’s not, when done “manually” per the documentation. Apparently so many customers had problems like I did that Microsoft finally released a special software tool to make the switch easy to do. I would’ve thought that a subsystem that could run out of disk space — particularly one that’s “sensitive” enough to know when it’s nearing its limit — would have been designed from day zero to make switching target disks easy. But I’m only a lowly customer, so what do I know?
The Onkyo problem was “solved” by rebooting the receiver. Turns out it’s a documented problem — leave your receiver powered down long enough and it forgets that it has speakers. Perhaps Onkyo wants to encourage people to watch more TV (“watch at least 2 hours a day or your system will fail!”).
Unfortunately, in researching the solution to the missing speakers issue I learned it’s related to a much more serious problem which can require a factory repair. Curiously, the failures tend to manifest themselves shortly after the equipment warranty ends. I guess spending almost $1,000 on a piece of A/V gear doesn’t buy you much quality.
Today I did my annual heart-in-the-mouth exercise of updating the SSL certificates which allow me to access my Exchange accounts remotely, either over the web or via my iPhone. This is more stressful than it needs to be because there ain’t no GUI for the operation. Instead, you have to use the Exchange Command Shell.
I found a couple of good starting points on the process at http://telnetport25.wordpress.com/2008/07/13/windows-2008-exchange-2007-renewing-an-existing-ssl-certificate-on-your-client-access-server/ and http://www.exchangeinbox.com/article.aspx?i=114. But neither explained that you have to enable the new certificate to be used by both IIS and SMTP before you can remove the old, expired certificate. Not a big deal, but worth noting.
The basic steps are:
- Generate a certificate signing request
- Acquire a certificate based on the certificate signing request (I like StartSSL)
- Import the certificate
- Get the thumbprints for the old, expiring certificate and the new one you just imported. These are necessary to enable or remove specific certificates.
- Enable the new certificate for both IIS and SMTP services
- Remove the old certificate
New-ExchangeCertificate -GenerateRequest -Path c:\myReq.csr -KeySize 2048 -DomainName [one or more comma-separate fully-qualified domain names, without quotes] -SubjectName “C=[country], S=[state], L=[local community], ou=[organizational unit; I usually use 'IT', without the quotes], cn=mail.mydomain.com” -PrivateKeyExportable $True
Import-ExchangeCertificate -path "[path to certificate file]"
Get-ExchangeCertificate | fl | out-file –filePath c:\certs.txt
You should be able to route the output anywhere, but for some reason I could only get this to work to the root of the C: drive.
Enable-ExchangeCertificate -thumbprint [thumbprint of new certificate] -services "iis,smtp"
You can do this in two separate steps (i.e., run it once for iis and once for smtp). If you forget to enable the certificate for the SMTP service, you won’t be able to remove the old certificate because it’s being used by the SMTP service. The actual error message refers to the Transport Service, but that’s what SMTP is for Exchange.
Remove-ExchangeCertificate -thumbprint [thumbprint of expiring certificate]
One of the reasons I like StartSSL is because, once you’ve authenticated yourself, you can get certificates for any domain you own for no additional cost. That really starts getting significant if you have multiple domains.