• 2 Posts
  • 40 Comments
Joined 2 years ago
cake
Cake day: June 14th, 2023

help-circle
  • markOPtoSelfhosted@lemmy.worldNAS for SAS drives
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 days ago

    I dont expect to need more lanes for this nas. The drives are 12TB each and should me more than i need for what i plan to use them for.

    The biggest thing i was hoping to get out of a premade enclosure was lower power draw, but you’re right that I can just get old low power equipment, which should help










  • if you’re encrypting at rest you also have to consider where there encryption key is being stored.

    if you’re storing the encryption key plaintext on the same drive as the data, there’s not much of a point in encrypting.

    a TPM/HSM could solve the issue, depending on how far down the rabbit hole you need to go.

    EDIT: You could also encrypt the disk of the VM/Server hosting the app. similar situation.






  • No you can totally modify mail headers anytime you want to, just be prepared to get mail rejection if you’re not following current mail security best practices.

    I’d recommend just renting a cheap vps from vultr or something, then you can setup your mailserver to send from anything you like. That’s how my mailserver works. I pay like $3 a month, and its plenty of space for a single user mailserver (i have like 3 mailboxes)

    I did go through the work to setup dkim/dmarc/spf. Took a weekend, but wasnt too bad. My mail is received by gmail yahoo and Microsoft. I imagine doing the same with onion addressing would be complicated.



  • That is 100% what im saying, yes. The sending server needs to sign all messages with a private DKIM key where the public key is in a dns text entry. Then the reverse dns lookup for the mailserver needs to match the SPF txt record. Then your DMARC record has to match the dkim and spf settings.

    Ive set this up for exchange at work as well as my own personal mailserver, which is just a debian server running postfix and dovecot.

    When you want to use gmail as a mailserver for your own domain, you set these three things up so that your messages arent all blocked.

    Keep in mind, you do not need these to simply send and recieve messages, but if you want to interact with the rest of the world you do. Email is too easy to spoof, so everyone has agreed on these protocols for authenticity.