MTA STS and SMTP TLS Reporting

Two new standards have recently become interesting:

  • MTA-STS (SMTP MTA Strict Transport Security – RFC 8461), which can be used to advertise that your mail server supports STARTTLS
  • SMTP TLS Reporting (RFC 8460), which allows other mail servers to send you reports about whether your mail server responded properly to TLS

Google recently announced they are implementing both standards in Gmail, so I decided it would be a good time to add them to my mail server configuration. SANS ISC has a nice writeup about how to easily implement both features.

https://www.hardenize.com already supports checking both features, if you want to verify your setup once you are done.

Upgrade time

Today was a server update day. Bumped my base operating system up to the next release, bumped Proxmox up to the latest release and updated Confluence to 6.15.

A nice round of reboots too while I was at it. I checked all services and all should be good. If you notice anything amiss, just poke me.

Finding changes in an ansible run output

As you can tell, I work a bit with ansible. Once you get a few longer playbooks, or have to deploy to hundreds of hosts, it can get a bit tedious to search through the output to find “ok, what changed?”

ARA can be a big help in such situations, but good old sed will also do nicely in a pinch:

    sed -n '/^--- before/,/^changed/p' ansible_output

For bonus points you can pipe the output to colordiff.

Ansible 2.7 oddities

One of the changes with ansible 2.7 is how you are supposed to pass a list of packages to a package module. Instead of passing a list via with_items (which then gets squashed into one call anyway), you just pass the whole list.
Apt as an example:

ansible <= 2.6

ansible >= 2.7

What the documentation doesn’t touch is how to pass multiple lists.
The error output suggests using ['{{ list1 }}', '{{ list2 }}'], but ansible throws a fit if you do that. Turns out you can also concatenate lists with the + sign. So the solution looks like this:
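
The snippets for this post are not present on the page, so the playbook below is an added example, not the author's original code. It shows the with_items form, the 2.7 list form, and two lists joined with + in a single call. The host group, the variable names base_packages and extra_packages, and the package names are assumptions.

```yaml
# Added example, not the author's code.
# Host group, variable names and package names are assumptions.
- hosts: all
  become: true
  vars:
    base_packages:
      - vim
      - tmux
    extra_packages:
      - htop
      - curl
  tasks:
    # ansible <= 2.6 style: loop over the list one item at a time
    # (the module call is squashed into one apt invocation anyway).
    - name: Install base packages (with_items style)
      apt:
        name: "{{ item }}"
        state: present
      with_items: "{{ base_packages }}"

    # ansible >= 2.7 style: hand the whole list to the module.
    - name: Install base packages (list passed directly)
      apt:
        name: "{{ base_packages }}"
        state: present

    # Multiple lists: join them with + inside one Jinja2 expression,
    # so the module still receives a single flat list.
    - name: Install base and extra packages in one call
      apt:
        name: "{{ base_packages + extra_packages }}"
        state: present
```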