I even built a tool for users to minimize the potential for error in this process.
But if a user can’t type their own personal name correctly I am at the bottom of my toolbox.
There is no lesser joy than the process of resetting a password for someone who chronically mistypes their own name.
Someday I will get through the first quarter of a year without having to direct a client to https://kb.isc.org/docs/aa-01640
2026 is not that year. 18 in a row. Had to explain it to marketoons for my prior employer as well, for both major brands.
I don’t *like* making their other vendors look like idiots but I do not really have a choice.
It seems to me based on mailing list traffic like a lot of people are seeing the free side of MS email (outlook.com, hotmail.com, etc. not paying customers on ms365) doing what it so often does today: mystery rejections and dropping mail on the floor.
I assure you: if you're getting bounces because of this, your mail admin knows that it is happening and has NO WAY to address it.
It never ceases to amaze me that mail systems do this shit. I know it was a thing with Sendmail but most of us have moved on or at least fixed the stupid mailer flags.
#TIL: XenCenter makes no objection when one tells it to delete an apparently unused “backend” vdisk which has a (sparse) descendant busy with a running VM. Also, doing that to a Windows VM does not cause it to fail immediately.
Unclear how this mistake has not been previously made in this environment.
CONFESSION:
My ongoing hatred of git is almost entirely grounded in my inability to switch FreeBSD branches without wiping and recloning.
@knowprose It started in the mid '90s. The common refrain of Unix email admins was "Any moron can run Exchange, and most of them do."
RE: https://mastodon.social/@nixCraft/116001279782592904
I have yet to see anyone even *claim* the capacity to do my job with a bot. I have never understood how I might "prompt" one for anything I do where it could do better than my own ad hoc automation.
It’s a rhetorical Q.
It’s almost a miracle that it was found.
It’s also why I do a paranoid level of consistency checks on every #SpamAssassin release. Our definitive repo is in Apache SVN, so we don’t have precisely the same vulnerability as libxz had, but I still verify that no matter how one gets the source, it is identical to what we've checked in.
#FOSS #Sysadminnery #InfoSec @mjg59 https://nondeterministic.computer/@mjg59/115961116648470244
The truth is, I’ve never trusted FileVault or really any whole-disk encryption.
I have a couple of FreeBSD machines using geli but not on their boot disk (is that even a thing?) and I’ve never been willing to jump into FileVault because it seems to have had a steady stream of “Oh, well, hope you have a backup” problems.
The bulk of my billable hours for the day have been consumed by the necessity of validating the instructions provided by Gemini to a customer with a certificate chain problem on antique systems.
They were wrong, of course. Even worse, the customer implied they were from the CA, with download links. But: name in instructions didn’t match what was behind one DL link, the assembly included a pointless root, and the order of the 2 certs needed (int and x-signed root) was wrong.
#Sysadminnery
MS365 email cannot achieve “four nines” availability for 2026.
They’ve been down for long enough today that they’re more than halfway to losing the third 9. It's DNS.
The biggest mail system I help manage had NO unplanned downtime in 2025 & the planned downtime (kernel updates) was less than 0.004%
The biggest DNS environment I help manage has had 100% availability for >5y. It has NEVER returned SERVFAIL for a valid name.
Sadly, I do not scale. And I am old and tired.
I spent Friday trying to hack into a customer box in India. They need support but have "secured" the system beyond the reach of the access mechanisms they have offered. None of the 4 different VPNs we operate for their US operations can reach the box directly, so I must RDP into a domain controller in Mumbai, which they replaced without telling us. After finally getting to the box, none of the dozen passwords they’ve provided over the years work.
Definitely billable hours.
Good. Hopefully it means that they hired a few good admins.
The worst thing to happen to email was providers of other services bundling email at prices less than it should cost to provide high quality service.
It has deprofessionalized email. The pressure on email operations to cost nothing has squeezed out high competence admins and left the largest operations mysterious black boxes to the people who run them.
#Sysadminnery @arstechnica https://mastodon.social/@arstechnica/115907321311459073
Using MS365 for email is accepting the combined unknown unknowns of both MS operating policy choices and their other customers’ security.
And the KNOWN risk that it makes phishing much easier to execute in ways which are harder to catch.
#Sysadminnery @dannyjpalmer https://infosec.exchange/@dannyjpalmer/115865973645617355
Open X-Change making a *universally breaking* change in config format & removing features from #Dovecot in the 2.3->2.4 upgrade is telling. That they removed some core features (e.g. unix login auth) inks in the drawing. They are tired of having the world's de facto default open source mailstore server, they want the world's most lucrative mailstore server.
And the page explaining the changes at https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html is basically a big fat FUCK YOU to the Dovecot Community.
#Sysadminnery
@schwa @alexr No kinkshaming on the Fediverse!
If someone wants to run Real Sendmail, that’s just fine as long as they don’t harm others in doing so.
I’d even say that for QMail. None of my business how people abuse themselves.
Exchange is, of course, a whole different story. There are limits, after all.
LOL.
Microsoft is trying to send mail from @outlook.com email addresses via scores of IP addresses across dozens of /24 networks that are not in their SPF records.
It must really suck to depend on such a shabby email provider. Good thing outlook.com is just freemail…