Desert Sapphire

A few problems to overcome

Posted on by Kenneth Ballard / 0 Comment

    Two years passed since I last looked at Desert Sapphire.

    I was supposed to do maintenance on it last year, but some badly timed food poisoning (when is it ever not badly timed?) on the day I arrived in Boulder City, Nevada, kept me from doing it. And the system’s owner never did anything with it for lack of knowledge. Meaning the system looked no less than disgusting when I got my hands on it to disassemble it.

    Most coolants NEED to be cleaned out of a system every year, whether you’re using soft or hard tubing. And the previous coolant was Mayhem’s X1 Clear, mixed from the concentrate.

    The owner also never properly kept the system free of dust and debris. He lives in a house with animals, but he kept the system near the floor. I wondered how the system was able to avoid massive thermal issues given the amount of dust and fur trapped between the fans and radiators. It was very, very bad. Never took pictures of it, though it would’ve been good having them as examples of now to NOT maintain a system.

    Had I had the time, I would have individually flushed the blocks and radiators with a gallon of distilled water each before reassembling the loop. I did take the time to disassemble the CPU block, though, scrubbing it with dish soap – metal polish would’ve been better.

    Before the overnight cleaning with Primochill System Reboot, I attempted to flush the system with distilled water. It was during the push flush that I discovered a couple fittings had developed leaks as well. Both of them were fittings on the pump and drain setup. That needed to be replaced, so I opted for a much simpler setup.

    I bought that T-split from Home Depot for under $3 (plus tax). That with a length of tubing and a spare compression fitting I had formed the new drain with the Bitspower valve. I would’ve preferred finding a brass fitting, but the white plastic fitting was all I could find. Sure it doesn’t look the greatest, but it works, and is much, much less expensive compared to a two (2)male-to-male rotary fittings and a 3- or 4-way fitting to make the split for the drain. Brass would’ve looked better, but, again, they didn’t have it in stock.

    For the overnight cleaning, I connected the pump directly to the GPU block, then bought the needed components the next evening to finish the assembly. To drain the loop, I had it spill out through the grate below it. I did not have the power supply installed at the time, so there was no danger – all pictures were taken of the final system before it was delivered back to the owner. I followed up by having the return from the radiator go into an empty jug for a distilled water rinse, doing my best to drain as much of the water out as possible – using the syringe to push air through the loop to displace the water.

    Wow I really missed focus with that picture…

    The rest of the loop looks about the same as before, following the same path. The only exception being the return from the front radiator to the reservoir. Note in one of the pictures above that I have a Swiftech SLI fitting between the pump and reservoir. This lowered the reservoir down such that I could have this type of direct return.

    The system is otherwise back in operation and working as expected. Again given what I saw when I started working on it this last time around, I’m really surprised he wasn’t having any kind of thermal issues. But I also directed the owner on how to avoid that becoming an issue in the future. And he also said he wouldn’t have the chassis so close to the floor.

    So this is likely to be the last iteration on this project depending on what the next year or two brings, and how well the owner keeps up on maintenance. This last visit was an opportunity to talk him through how to maintain the loop, and what he will need in the future – the plastic T-fitting will need to be replaced with the tubing.

    I’ve enjoyed working this project as I’ve learned a lot over the last couple iterations maintaining it. And hopefully the owner will be able to maintain it on his own.

    Impeachment

    They’re powers, not obligations

    Posted on by Kenneth Ballard / 0 Comment

    Cass Sunstein: “Pelosi’s Stance on Impeachment Needs Some Explaining

    The Constitution grants to the House of Representatives the “sole Power of Impeachment”. And later in Article II states that the President, Vice President, or any officer of the Executive Branch “shall be removed from Office on Impeachment for, and Conviction of, Treason, Bribery, or other high Crimes and Misdemeanors”.

    In the history of the United States, only two Presidents have suffered impeachment and a third came pretty close – Andrew Johnson, Bill Clinton, and Richard Nixon, respectively.

    One thing I feel a lot of people forget about the Constitution is simply that it grants powers and lays a framework for the Federal government. Granting that power, however, does not imply an obligation to exercise it – but when does a government ever refrain from exercising power it’s granted (and even power it isn’t legitimately granted)? There is very little of Congress’s enumerated powers that it is obligated by the Constitution to exercise. As an example, Congress was under no obligation to declare war against Japan following the Pearl Harbor attack. And Congress, conversely, could declare war on anyone absent any justification if it so desired.

    Yet when it comes to impeachment, in particular impeaching President Trump (and previously with President Bush), suddenly this power becomes an obligation, merely because those wanting to see Trump impeached are declaring it such.

    Recently Speaker Nancy Pelosi said this about impeaching President Trump:

    I’m not for impeachment. This is news. I’m going to give you some news right now because I haven’t said this to any press person before. But since you asked, and I’ve been thinking about this: Impeachment is so divisive to the country that unless there’s something so compelling and overwhelming and bipartisan, I don’t think we should go down that path, because it divides the country. And he’s just not worth it.

    Cass Sunstein, widely recognized as a constitutional expert, doesn’t seem to think the House of Representatives has any choice in the matter. That having the power to impeach the President means they have zero discretion and must act.

    Yet when they must act is largely up to interpretation!

    Under the Constitution, the grounds for impeachment are “Treason, Bribery, or other high Crimes and Misdemeanors.” Suppose that a president commits a clearly impeachable offense — by, say, committing treason or by using the apparatus of government to violate people’s rights and liberties. Suppose, too, that the president’s party remains intensely loyal to him, thinking, “True, he’s a jerk, but he’s our jerk.”

    In those circumstances, the Constitution does not license members of the House of Representatives to refrain from impeachment, on the ground that it would not be “bipartisan” and would “divide the country.”

    The Constitution absolutely and always licenses the House of Representatives to refrain from impeachment. They are POWERS, not obligations. And exercising power requires a degree of responsibility.

    Let’s go back to the idea that Congress could declare war against any foreign power, for any reason or none. The Constitution doesn’t say Congress has the power to declare war only with sufficient justification. It says simply that Congress has the power to declare war. Full stop. Exercising that power is entirely up to Congress and their discretion.

    In this light, it defies belief to think that the impeachment process is purely “political” — or that the House of Representatives may decline to proceed against a president who has engaged in treason, produced “the most extensive injustice,” or otherwise committed a clearly impeachable offense.

    Except the impeachment process IS political since it is entrusted to a political branch rather than the Courts. In the two instances in which it has been exercised against a President, it occurred for political reasons, regardless of the evidence or justification behind the charges.

    President Clinton demonstrably perjured himself, but his impeachment is continually misrepresented as having been about his affair with Monica Lewinsky. Despite the demonstrable perjury, though, that it was a Republican-led House that impeached him shows it was political. A Democrat-led House would not have considered impeachment.

    Republicans in both instances of impeachment passed articles against a Democrat President. And a Democrat-led House pursued impeachment articles against Nixon. In no instance has a House of Representatives considered impeachment articles against a President with the same party.

    So how is impeachment not political? Though I’ve said that impeachment is not to be used as a substitute for political or electoral failure, it is wielded by a political branch of the government, making it de facto political.

    This is beyond true with Trump given that Democrats have been talking impeachment since before he was even inaugurated!

    And to say the House of Representatives has zero discretion when it comes to impeaching a President goes against the very wording of the Constitution. Nowhere in the Constitution does it say the House has any obligation to impeach a President who has committed “treason, bribery, or other high crimes and misdemeanors”, only that they have the power to do so.

    Power does not mean obligation.

    Just as prosecutors are free to exercise discretion in whether and what charges are brought against a particular defendant, and generally won’t bring charges unless they feel they have a very high chance of securing a conviction. Since prosecutors know the same standard for bringing charges (“probable cause”) is not the same standard needed to convict (“beyond reasonable doubt”). So why bring charges without the evidence needed to convict? That is the prosecutor’s discretion.

    So too the House has discretion in whether to let certain things a President does just go. That President Clinton perjured himself regarding an affair was not enough reason to see him removed from office. Borrowing Speaker Pelosi’s words, it was not “so compelling and overwhelming”, and it was far from “bipartisan”. And impeachment articles should really never have been brought against him since conviction was never going to happen. The impeachment and trial were colossal wastes of time.

    And let’s go one step further: the Senate is not under any obligation to convene a trial on any impeachment articles the House passes. Again power does not mean, nor does it even imply, obligation.

    It is hardly crazy to insist that if it isn’t clear whether the president has committed what the Constitution deems to be an impeachable act, the House is entitled to refrain from acting, at least when the nation is sharply divided along political lines.

    You mean like it is currently? Yet your opinion piece implies the current Democrat-led House has an obligation to impeach Trump, and the Republican-led Senate has an obligation to try and convict him.

    If a president has committed a clearly impeachable offense, the House of Representatives is obliged to impeach him — even if the process turns out to be “bipartisan” or “divisive.”

    There’s one word missing from this sentence: provably. If a president has provably committed a clearly impeachable offense. But even then, again, the House is never under any obligation to impeach him. Just as no prosecutor is obligated to bring charges for any offense.

    Power does not mean obligation. Indeed if there is any obligation the Constitution puts on the House of Representatives regarding impeaching a president, it is to decline to act where there is uncertainty.

    The left and Democrats are so, so certain that Trump colluded with Russia to… convince tens of millions of voters to vote for him or refrain from voting for Clinton that they want to see him impeached. Because they desperately want to their belief to become reality. And Sunstein is no different in declaring the House has an obligation to impeach Trump and, by extension, that the Republican-led Senate has an obligation to try and convict him.

    Yet no such obligation actually exists beyond mere assertion.

    I’ve joked before that Trump merely being alive is an impeachable offense to Democrats. And now that the Mueller report has apparently not lived up to leftist expectations, I think we’re back to that particular standard again. Or they’re going to act like anti-vaxxers and keep peddling the “Trump colluded with Russia” narrative despite nothing concrete backing it up.

    Ethics

    Conflicts of interest and personal agendas

    Posted on by Kenneth Ballard / 0 Comment

    Recently I’ve started listening to various YouTube channels that read out stories posted to Reddit. One story was classified as “pro-revenge”. And I found the original post in question, called “I got back at childhood bullies by destroying an entire town“. To note, the factual nature of the story has been called into question. But like another story regarding the “Trump Cup” phenomenon I looked at 2½ years ago, we can still discuss the story as a hypothetical case study. Go ahead and read the story to take in the full picture. I’ll do my best to summarize.

    The OP (original poster) described a childhood in a very conservative Christian, “one smokestack” town. For the unfamiliar, that is a small town centered around one business or industry – mining or a manufacturing plant. Economically, they literally have all their eggs in one basket. There are a lot of towns like this peppered across the greater United States. Some are still thriving, or at least getting by, but others fell to the 2008 crash and 2009 recession. The one the Obama administration said lasted only 6 months, only because there was a tidal wave of government spending that inflated the GDP numbers and made the economy look better than it was actually doing.

    OP is also a rape baby. So being conceived and born out of wedlock in a very Christian conservative town, his life growing up was hell. But he still managed to graduate with decent grades and escape the town in question, going to college and getting a decent job as an “analytical consultant”.

    Part of his work involved downsizing evaluations – determining which locations get closed or who gets laid off or transferred. And he was pulled in to evaluate three plants to determine which would get shuttered and their operations transferred. One of those plants was in the town where he grew up.

    If you know anything about business ethics, red flags should be going off. Unfortunately the ethical conflict is one many likely don’t readily see, given how many have readily applauded what is described. In short this is a massive conflict of interest.

    Once the OP saw that his hometown is one of the plants he would be evaluating, he should’ve recused himself completely. He was being brought in to give an impartial evaluation. And his descriptions of his mindset and actions show he was unable to give an impartial evaluation. This statement in particular is telling:

    Inside I was seething with hatred and enjoying this all. I really loved seeing their faces, seeing what they had become, because fuck it, I was going to take it all away from them.

    And

    My state of mind was something close to sexual arousal. I had never understood why people pursue positions of power, but yeah, now I understood.

    Again he was unable to be impartial. And impartiality is part of a consultant’s fiduciary duty. Since they hire an outside consultant for an independent, impartial opinion. But instead of doing his fiduciary duty and recusing himself, he took it as an opportunity to carry out a personal agenda. Again, a massive conflict of interest that rendered him unable to be impartial.

    I wrote a really scathing report, documenting every little flaw and mistake ever done in the town plant. I didn’t need to lie or fabricate – I simply took things that existed and polished them till they looked even worse than they were. The factory was shut down and in the following three years, the town died.

    If the plant was as badly managed as described,

    The religious community running the town ran the factory as well. The big shots in the community tended to be bosses in the factory. This meant that the factory wasn’t run that well; promotions were based on “holiness”, not on merit or skill.

    a truly impartial auditor would’ve recognized the shortfalls and still recommended the plant be closed.

    But what if he walked in and discovered the plant was productive and profitable (earning more than it cost to operate it, even if not by a significant margin), running like a clock and reasonably well-managed? Possibly even the best of the three plants being evaluated? Would OP still have recommended the place be closed? The above statements answer this clearly in the affirmative.

    He first states that he didn’t need to lie or fabricate anything regarding the plant, but then admits to doing just that, “polishing” details till they “looked even worse” than what was truthful. Meaning he likely would have lied and fabricated statements about the plant to see the outcome he desired. His personal agenda became a conflict of interest by completely nullifying any ability to be impartial, and possibly introducing a willingness to commit fraud and defamation.

    Conflicts of interest are taken very seriously in business, since it calls into question whether you can be impartial and seek the best outcome given a circumstance. And personal conflicts with other people can become conflicts of interest simply due to the risk your impartiality will be compromised.

    Some conflicts of interest are quite obvious. Interviewing your high school bully for a position on your team. A salesperson approaching a prospect wherein a former significant other or someone else with whom they have “a history” has influence over the purchase decision. And of course the classic conflict of interest: an affair between a manager and a direct report or someone along the direct chain of command.

    And once the conflict of interest has been identified, the parties involved have a duty to recuse themselves from the business interaction where possible. Such as when there is a merger and one a manager’s new direct reports is someone with whom their ex-husband had a fling or affair. Such was the case in a letter to the Ask A Manager blog (original is #1 here, update, and second update is #5 here), and the conflict of interest I don’t feel was taken seriously enough by the employing organization.

    And in the above story, the conflict of interest is the OP’s history with the town and the people therein, including those running the plant. The OP clearly had no intention of being impartial, let alone the ability, and should not have been involved in the decision at all. And an impartial auditor arriving at the same decision doesn’t mean the conflict of interest wasn’t a factor in the OP’s decision.

    Since the conflict of interest means we cannot know whether the plant was evaluated honestly and the proper decision made. We cannot know if the claims about how it was run are truthful. We cannot know because OP couldn’t be impartial. Once he saw his hometown on the list, he saw the opportunity to ruin those who wronged him, completely jettisoning any potential for impartiality to pursue a personal agenda.

    Ultimately we cannot know if that plant was the one that needed to be closed because the OP couldn’t make an impartial decision. So he should not have been involved in the decision at all.

    Scams

    Variation on a theme

    Posted on by Kenneth Ballard / 0 Comment

    Another scam e-mail I received recently, this one being a variation on ones I’ve written about here before:

    Hello,

    As you may have noticed, I sent this email from your email account (if you didn’t see, check the from email id). In other words, I have full access to your email account.

    I infected you with a malware a few months back when you visited an adult site, and since then, I have been observing your actions. The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone, and you won’t even notice about it. I also have access to all your contacts.

    Why your antivirus did not detect malware? It’s simple. My malware updates its signature every 10 minutes, and there is nothing your antivirus can do about it.

    I made a video showing both you (through your webcam) and the video you were watching (on the screen) while satisfying yourself. With one click, I can send this video to all your contacts (email, social network, and messengers you use).

    You can prevent me from doing this. To stop me, transfer $909 to my bitcoin address. If you do not know how to do this, Google – “Buy Bitcoin”.

    My bitcoin address (BTC Wallet) is : 1FsEdzFk5iWdcZD3SyfetKcHShhcBsEQZx

    After receiving the payment, I will delete the video, and you will never hear from me again. You have 48 hours to pay. Since I already have access to your system, I now know that you have read this email, so your countdown has begun.

    Filing a complaint will not do any good because this email cannot be tracked. I have not made any mistakes.

    If I find that you have shared this message with someone else, I will immediately send the video to all of your contacts.

    Take care!

    As I’ve mentioned previously, it’s stupidly easy to spoof an e-mail address. And that’s all that’s occurring in this instance, and every instance wherein this occurs. Because it’s effortless to do that. Hacking an e-mail account isn’t trivial. And it’s stupid easy to create a program or bot that blasts e-mails like the above out, similar to phishing and other spam and scam e-mails that are sent out all. the. time. Which, again, is what is happening here as well.

    Rights/Supreme Court/Vaccines

    Well beyond unconstitutional

    Posted on by Kenneth Ballard / 0 Comment

    Recently a New York county decided to ban unvaccinated minors from public places in response to a measles outbreak. And it is so beyond unconstitutional it’s not even funny.

    Local and county governments are subject to the same Bill of Rights as the Federal government via incorporation. So has said the Federal judiciary, including the Supreme Court of the United States, numerous times over.

    So let’s say there is an unvaccinated child in a public place in this New York county. Beyond the parent or child (because, let’s face it, the most truthful people in the world are drunks and children) openly admitting such, what would constitute probable cause in this instance? What would constitute even reasonable suspicion to detain someone?

    The government would also have to demonstrate the child is not vaccinated. There is no obvious physical indicator of a person being vaccinated or not against measles. This isn’t like with smallpox where the vaccine leaves an obvious scar or blister. So demonstrating the child is sero-negative to measles, meaning they have no antibodies against it, requires a blood test. And unless the parent voluntarily consents to the blood test for their child, which no parent in their right mind would do, the police would need to demonstrate probable cause to get a warrant, since the blood test is a search under the Fourth Amendment – see Birchfield v. North Dakota, 579 US ___ (2016).

    And the parent refusing to consent cannot be used against them in any way. It is not automatic probable cause. The police would still need something else.

    So given that blood tests are out of the question, again absent probable cause or voluntary consent, what about vaccine records? Should parents have to carry around their children’s vaccine records wherever they go in that county, to be produced upon demand of law enforcement? Under the Health and Insurance Portability and Accountability Act (HIPAA), No. Vaccine records, like all other records related to a person’s past medical history, are protected health information (PHI) under the HIPAA Privacy Rule. Meaning law enforcement cannot demand you produce them without a court order.

    The county said they have no intention of actually arresting people, but instead using this as a wake-up call regarding the measles problem they’re having. Except the law being on the books is still the issue, since the county could, at any time the law is active, choose to start enforcing it, such as if they aren’t getting the results they expect from it.

    And that is where the county will fast run into the Fourth Amendment.

    Mira

    Some changes to the radiator box

    Posted on by Kenneth Ballard / 0 Comment
    Build Log:

    Back almost three years ago in 2016, I set out to do something rather unique with regard to water cooling: building an external, self-contained radiator box. And for the most part I achieved that goal. Maintenance cycles would see some improvements to the implementation, leading to a box that is very quiet, and a total water cooling setup that provides very good temperatures.

    There were still additional improvements to be made. Particularly with the power delivery. Powering everything was initially… messy. Integrating a hodgepodge of parts that more or less got the job done with as little need for modifying anything as possible and virtually nothing custom.

    Here’s the parts:

    And the power went into two voltage regulators, one a step-up to run the pump at greater than 12V when I had a D5 Strong, and the other a step-down to undervolt the fans. So it was a bit of a mess with regard to cabling.

    I still have the switch, along with the step-down regulator to undervolt the fans. The step-up regulator isn’t needed. And most everything else from this is gone. In its place is this: NiuGuy 12V/4.2A (50W) power supply. And wires. And a terminal block.

    All of this started when I was casually browsing Home Depot and saw terminal blocks in the electrical section, a part of the store I normally don’t pay much attention to. From there I purchased a crimp tool kit, terminals, and wire. Later I acquired 2.8mmx.5mm spade terminals to get rid of the vandal switch wiring harness. The small power supply came later.

    And that power supply is seriously small. Smaller than the power brick I was originally using. I was actually surprised when I first saw it. Here’s a size comparison of the product box with a PS3 game case. The power supply itself is only slightly smaller than the box.

    I’ve encountered power supplies like this before and had previously considered employing them in the radiator box. But I initially wanted something that didn’t require much in the way of additional tools and electrical supplies to build, so I went that direction. I also didn’t know much about electronics and circuitry at the time and have since enlightened myself.

    I kept the NCASE M1 power cable, cutting off the C13 connector and stripping the insulation back so I could add terminals for the power supply. The switch is inline between the power supply and terminal block. One pair of terminals create the circuit for the pump and rear fans at 12V, while the other pair creates the circuit with the voltage step-down regulator for the radiator fans. Bus wires connect the circuits in parallel.

    Much simpler and cleaner compared to what I had previously since I wasn’t having to figure out what to do with really long cables coming off pre-fab items. And sure there are a couple ways this could be cleaner, but I wasn’t concerned with perfection.

    The D5 pump (Koolance PMP-450 specifically) is out with a DDC pump (Swiftech MCP50x) replacing it. The only reason I swapped it out is clearance. The DDC is more compact. And the one I selected is PWM controlled, so I can dial it down to a lower RPM using a manual PWM fan controller like the Noctua NA-FC1. I clipped off the pump’s SATA power connector to use terminals to power it from the terminal block, after extending the wires using butt splice terminals with equivalent gauge wire.

    So why the lower clearance necessitating the smaller pump? I lowered the reservoir using 120mm mounting rails (Performance-PCs) for the Singularity Computers Ethereal Single (Performance-PCs). (Since I say this every time, I’ll again do so here. Full disclosure: I also support Singularity Computers via their Patreon.) Much more stable compared to how I had it previously, and it allowed me to secure the reservoir more toward each of the end caps. And the lower position meant lower clearance, necessitating the smaller pump.

    And I swapped the Bitfenix fans I had at the rear for Nanoxia Deep Silence 120mm fans, the ones that previously were in Absinthe, now Amethyst. They are super quiet (14.5dB/A) at 12V while still moving 60CFM. I’m not sure how that’ll affect cooling, but it’s bound to be better than the rear fans being voltage-synced with the radiator fans. And as a bonus, they match the green ring light on the power switch.

    I still have the pipes I showed in the previous article. They keep the coolant flow well out of the way of power and data cables, reducing the amount of soft tubing needed, even if it does create a little headache for maintenance. I’ve considered adding a valve to the pipes as well to make it easier to drain. Instead I used a 4-way block with a couple spare quick-disconnect fittings to create something to drain the system.

    Performance

    I’ve made some changes to the tubing in the H440 as well, but not in a way that drastically affects performance. The GTX 1070 still barely touches 40ºC under load, and I was able to bump the CPU overclock (i7-5820k) to 4.3Ghz while still keeping temperatures in the mid to lower 60sºC.

    I’ll detail the changes and reasoning behind those changes separately.

    Possible next steps

    Since first building this, I’ve loved having an external water cooling setup. It’s unique, and I’ve yet to see someone else do this. Sure the setup is a little complex, and maintenance can be a little bit of a headache, but having a water cooling setup that is not tied to any particular chassis or hardware setup is the main benefit. And I see no reason to go back to the traditional in-chassis water-cooling setups that… nearly everyone else does.

    Maintenance is, of course, the main drawback. Good thing it really only needs to happen once a year.

    And there really isn’t much of anything to add to this. A better mount for the pump? Not entirely necessary. I would like to have temperature sensing on the coolant, but that isn’t a pressing concern. Replacing the radiators or radiator fans with better options? I don’t really have a reason to do that. The XS-PC EX360 radiators work without any issue here, and I have zero reason to believe better radiators (e.g. AlphaCool, Hardware Labs) would make a significant difference, though they would certainly inflate the cost.

    The only realistic direction I can go is making the box smarter.

    The last couple years have seen the introduction of various ways of controlling fans using software. I’ve used NZXT’s Grid for powering a lot of fans at once. Future adaptations saw the Grid+, which allows for software control of the fans based on temperatures via their CAM software. The latest incarnation is the Grid+ V3, which supports PWM fans, meaning it should also support PWM pumps.

    And the Corsair Commander Pro is an option to integrate temperature sensing and fan control. But it requires both 12V and 5V from its SATA power connector, whereas the Grid+ requires only 12V and uses a barrel connector – meaning no modification to the device. The power supply noted above is 12V only, so I’d need a voltage adapter to provide 5V.

    I’ll figure out which to use later, along with how to connect it to the main system.

    Technology

    Hosting a mail server on a home network

    Posted on by Kenneth Ballard / 0 Comment

    Before diving deeper, a preface.

    This article will not be discussing how to set up a mail server. Mostly. Instead I’m going over some of the complications that can arise after you have the mail server set up with receiving mail to the domain(s) the server hosts. You’ll need to go elsewhere if you’re expecting a tutorial on setting up and configuring a mail server.

    Before continuing, let me explain my setup so you can understand where I’m coming from and going:

    • Mail server: virtual machine with 2 cores, 2GB RAM, Ubuntu 18.04
    • Software: iRedMail
    • Port forwarding: random port number -> port 25 on mail server
    • DNS name: NoIP dynamic DNS hostname, dynamic IP address

    Assumptions

    From here I’ll presume you have a similar starting point to me, that you:

    • own one or more domains which may or may not already receive mail through the domain registrar or other service
    • want to spin up your own mail server to receive that e-mail to your home network
    • have a typical home Internet broadband connection with a dynamic IP address
    • have a dynamic DNS name to point to your home network

    If you are not already signed up for a dynamic DNS service, do that first before setting up a mail server. I recommend signing up for one that your router directly supports. I use NoIP, and I also pay the $25/yr subscription fee to make things easier.

    What I won’t cover

    For the sake of brevity, I won’t be delving into setting up and administering a mail server. As I said above, you’ll need to go elsewhere to find that information. There are also several “distributions” – e.g. iRedMail, Mail in a Box, etc. – that can handle much of the dirty work for you, all of which have their own steps for setup and administration.

    Basically setting up the mail server is on you. All I’m discussing herein is what you need to do once the server is set up on your home network, with a dynamic IP address, so you can receive mail to it. Since plenty of other articles say you can’t.

    Set up a self-hosted VPN

    Allow me to establish one additional prerequisite: set up a self-hosted VPN. OpenVPN is one of the more popular packages available for that, and I also have a guide on how to run that in a Docker container if you’re so inclined. Others have set it up to run on a Raspberry Pi. One of my coworkers uses ZeroTier and he seems to like it.

    Having the self-hosted VPN means you only need to expose the SMTP port through your router’s port forwarding. You would then access your e-mail by connecting to the mail server through the VPN connection or an SSH tunnel when you’re away from home. Which will provide an additional safeguard for your e-mail.

    Overall order of operation

    Again, you should already have the mail server set up, with the domains and e-mail accounts configured. So now you need to make it so you can receive that mail on your home network through your dynamic DNS hostname.

    1. Pick a random port number to map to port 25 on the mail server
    2. Sign up for a mail relay service (more on this later)
    3. Modify the DNS settings for your domain for the mail relay service
    4. Wait a little for the settings to propagate
    5. Send test e-mails to verify everything is working
    6. Profit!!!

    Random port number? Mail relay service?

    By now hopefully you’ve already looked into what is required to establish a mail server for your domain(s). So you should’ve encountered explanations for the DNS entries, in particular how to configure the DNS entries to avoid other mail servers refusing to talk to yours.

    Specifically, the “reverse DNS” entry for your mail server’s host name. Which is impossible to create for a dynamic IP address. And with a static IP address, you probably have to jump through a ton of hoops with your ISP.

    Mail relay services avoid this complication, accepting the mail for your domain(s) and relaying it to another mail server. They are advertised as allowing you to bypass your ISP blocking port 25, allowing you to host your mail server on a port other than port 25. This should also be coupled with a backup service that retains e-mails for a period of time, in case your mail server can’t be reached for some reason, to avoid e-mails being rejected or black-holed.

    Your dynamic DNS service provider may already have this available. NoIP has Mail Reflector for $100/yr per domain. Dynu, on the other hand, has an Email Store/Forward service for $10/yr per domain. The latter is what I currently use, and it works well.

    While you don’t need to use a port than 25, I’d highly recommend doing so since the relay service allows for it. I’ll just reiterate what I said in my OpenVPN guide (linked above):

    In general, when exposing services where they are accessible outside your network, you want to avoid using default port numbers. Either configure the service to use a different port number, or use the port forwarding on the router to provide a different port number.

    Port forwarding for mail relay

    So with that explanation out of the way, it should be clear how to expose the mail server via port forwarding. The order of operations means you

    1. select a random port number for port forwarding
    2. set up port forwarding: [random port number] -> port 25 on mail server
    3. set up the mail relay -> [dynamic DNS host name]:[random port number]
    4. DNS “MX” entries for your domain -> mail relay service
    5. Profit!!!

    Finishing up

    So now with everything set up the way you need, send some test e-mails to make sure everything is getting through.

    One thing to note: it will take several days for the updated DNS entries to propagate around the world due to DNS server caching. So you may need to continue to check your e-mail through any previous mail hosting service until you confirm all e-mails are no longer being sent there. If you’re planning to transfer domain registrations to another provider, hold off for a few days before initiating the transfer if there are any frequently-used e-mail addresses involved.

    And another point: if you use iRedMail, turn off greylisting. If you use another distribution, determine how to disable greylisting with it. Or at least figure out how to whitelist the mail relay service you choose. If you don’t, it’ll take multiple tries for the relay service to get the mail to your system. Turning off greylisting or whitelisting the mail relay service will avoid this.

    One additional complication

    Mail server blacklisting is something else you need to keep in mind. This doesn’t stop you from receiving mail, since it will be going through a mail relay service. But it might keep you from being able to send messages to some recipients.

    As part of an effort to combat spam and scam e-mails (such as this and this), mail transport agents may be blacklisted. It’s up to every mail server administrator as to whether those blacklists will be honored – it should be off by default. And this isn’t an issue exclusive to residential Internet IP addresses. I encountered it with my previous web hosting provider when I tried to forward a phishing e-mail to SunTrust Bank.

    So if you find that e-mails you are sending are routinely being rejected, check your IP address and dynamic DNS hostname and domain through MXToolbox to determine if it’s been blacklisted. You may need to sign up for an outbound mail relay service to bypass this.

    Conclusions

    So contrary to a LOT of articles, it is possible to host a mail server on your home network. It just requires the additional mail relay service to make it all work, to bypass the “reverse DNS” complication.

    It just typically isn’t recommended that you set one up since Internet mail servers can be complicated to set up and administer. But much like web servers, generally once they’re configured, you should only really need to touch it for software updates.

    Scams

    Blackmail scam: Reloaded

    Posted on by Kenneth Ballard / 0 Comment

    I recently heard of this scam from Jim Browning. Full disclosure: I do support him on Patreon. So I’ll let him describe how this scam works, since he discusses a variation of it in one of his videos:

    I recently received the below scam message. And it’s nearly identical to the scam I wrote about earlier, just with the slight twist of making it look like they sent it from my own e-mail account:

    Hey There,

    We have hacked your device. To show you we have complete access to it we’ve sent you this message from your own private email account (see the “from” email address). We furthermore know that among the list of passwords you used to use is “[REDACTED]” for example. Don’t fear, we will explain how it all happened and what you can do about it.

    Some time ago you went to a web site with xxx contents, that web site had a trojan that was developed by us, this trojan mounted itself onto your device opening a backdoor that grants us complete access into your device. Changing passwords will not help because our backdoor will constantly stay open if we don’t terminate it our selves.

    We also downloaded all your social contacts, email contacts, data and information to our server. Moreover we triggered your camera from time to time and recorded movies of you while you “satisfied” your self observing xxx content on the web. Those videos are also kept on our server. To sum up we now posses all your important information and some “naughty” clips of you.

    You are probably asking yourself what we are going to do with this content. Possibly we utilize it to ruin your social life by sending all the info we posses with browser history and the filthy clips of you to all your social and email contacts. Picture the negative impact this will have on your life! Imagine how this will impact the relationship with your family members! Or maybe we delete it all, shut the backdoor on your system and don’t use it and you can go on living your life like this never took place. It’s all under your control….

    When you opened up this e-mail our system initiated a timer (our system tracks the mail header to see when you launched it), starting now you posses 6 hrs (6 hours is 6 hours, not a moment more) to complete the following action:

    Listed below you will find our bitcoin address (copy/paste it, it’s case sensitive). If you do not want us to destroy your social life and relationship with your loved ones you need to transfer $550 (USD) to it. You can browse Google how to purchase bitcoins, it is very easy and you can do it immediately. Don’t forget that you need to do this within the given timeframe so you better do it right now.

    Our system is watching this address, when the transaction happens in time the timer will stop counting, we will remove all the info on our server we have on you, the backdoor on your device will close and you will without doubt never ever hear from us again… case closed and nobody needs to know about your dirty secrets. If it does not come in in time, your life will change in a very damaging way.

    Our bitcoin address: 3QNVqEz3aKvCUDivsnASGEGqafYfdry4Eb

    Good-luck!

    I’ll say this up front: don’t be alarmed if you happen to receive an e-mail that appears to have come from your own e-mail account. It is not difficult to spoof an e-mail address. It’s very easy, actually. Something anyone can learn within a very short time. Much than spoofing a phone number.

    But this can seem rather alarming to someone who isn’t well versed in how Internet mail servers work.

    And given the ready availability of leaked passwords on the web, again this can potentially alarm people. It probably isn’t difficult to find the leaked password I redacted above, which would’ve been leaked during the LinkedIn data breach a number of years ago. But that password is worthless to anyone who finds it since I don’t use that password anywhere anymore.

    So if you receive an e-mail like this, don’t be alarmed. Indeed to many, it’ll probably provide a good laugh. And thankfully at least with the above Bitcoin address, it appears no one has taken the bait.

    And if you want to check to see if your e-mail address has ever been involved in a data breach, go to “Have I Been Pwned?” and type in your address. And make sure to adopt good password usage and management practices. And enable two-factor authentication where possible.

    Charity/Taxes

    False charity because #fuckTrump

    Posted on by Kenneth Ballard / 0 Comment

    Amazing how the Federal “shutdown” appears to be bringing people together, right? Bringing out people who are willing to help the furloughed government employees who are working without paychecks or not working at all. Showing that when people are in need, we’re willing to be charitable. Because that’s what decent people do, right?

    Yeah I’m not buying it.

    Simple question: if not for the government “shutdown”, how many of these same people would be spending their own time or money directly helping people who are in need? Likely answer: next to none of them.

    Let’s be honest. There’s only one reason this is happening at all. #FuckTrump. That’s it. That and the chance at a little fame or exposure since the media is broadcasting whenever someone is being so grateful to furloughed government workers. Because again, let’s be honest, #FuckTrump. That’s the only reason.

    Meanwhile there are millions of people in the United States who are in need of direct assistance in many ways every day. I’m sure you, dear reader, know at least one such person. Yet what’s the response? “Let the government handle it.”

    Rather than go out and directly help them in some simple fashion, you’d rather instead have the Federal and State governments take more money from my paycheck and the paychecks of those who make more than me so that you don’t have to lift a fucking finger, or take a penny from your pocket.

    Because when it actually comes to helping people, it seems the vast majority would rather be passive, lazy pricks who’d rather sit back and “let the government handle it” rather than getting off their asses and actually doing something to better someone else’s life.

    I’ve probably shelled out more money over the last couple years than many others have in their lifetimes. And if you’re one of those people, someone who’d rather sit back and complain about things rather than getting off your ass to improve someone else’s life, who’d rather see more money taken from my paycheck because it means you don’t have to do anything, kindly go fuck yourself.

    No, seriously. Fuck you.

    Now get off your ass, find someone who needs something, and figure out how to help them. Rather than hoping someone else will do it.

    You want to improve the world? Get off your ass already.

    Solicitations

    At least read the article before sending a solicitation

    Posted on by Kenneth Ballard / 0 Comment

    I’m really starting to ponder the commonality of this practice.

    The below request is at least mildly understandable. They’re pointing out an article I wrote on pet care and asked that I link to their article on a specific dog breed. Which would be great… if not for a few issues with their e-mail.

    Dear Editor,

    My name is Jean and I’m the Editor at [REDACTED]. I was doing research on the Blue Heeler Pointer and just finished reading your wonderful piece: https://www.kennethballard.com/?p=1790

    In that article, I noticed that you cited a solid post that I’ve read in the past: [REDACTED]

    We just published an updated, comprehensive guide on 10 things you should know about the Blue Heeler Pointer on our sister site, [REDACTED]. It is completely free and you can find it here: [REDACTED]

    If you like the piece we’d be humbled if you cited us in your article. Of course, we will also share your article with our 100k newsletter subscribers and followers across our social platforms.

    Either way, keep up the great work!

    Warmly,
    Jean

    If you’re going to send me a solicitation, have the courtesy to make sure you’re not going to include demonstrably false information.

    First they claimed I linked to an article about the Alaskan Malamute, an absolutely gorgeous dog breed I would love to own, if I ever have land for it. Before now, though, I’ve never mentioned that breed here. My article on pet care mentioned two dogs my parents’ owned. One was a blue Australian Cattle Dog, Basenji mix. Yet they request I link to an article about blue Australian Cattle Dog, Pointer mix dogs – Blue Heeler Pointer is not a recognized breed.

    Definitely a classic case of not reading the article before firing off a solicitation. Unfortunately all too common.

    I also don’t sell any ad space on this blog, so views largely don’t matter. Instead any “revenue” comes through the Amazon Associates Program, and I typically make enough to nearly completely offset hosting costs.

    And this blog doesn’t get many views anyway, making every solicitation for this site I’ve ever received nonsensical. I’ve never had more than 500 views in any given day as of this article, an article about an espresso machine is my best article of all time on views, and I typically have only about 100 views/day. So sending me a solicitation hoping for more exposure to your content is only going to end up with me posting your solicitation with all site names, links, and the like redacted.