• 1 Post
  • 12 Comments
Joined 1 year ago
cake
Cake day: July 8th, 2023

help-circle


  • I cannot recommend any consumer router brand, at least not with stock firmware, because any of them don’t have guaranteed update policy. Further, some of the stock firmware contains insecure protocols, like telnet (yes, still), outdated ciphers (SSL, TLS 1.0), and some feature you want is always missing. Further they often lack innovative features like WireGuard in updates, mostly bug fixes and security patches.

    That’s why I would urge you to consider using one of the router/ gateway distributions listed below.

    Depending on your requirements, I can recommend the following router OS:

    • OpenSense (router without WiFi)
    • OpenWRT (router with WiFi)

    If you have an old laptop or pc to spare, you could at least give those two a try.

    Someone already mentioned it, OpenSense runs only on x86 / PC Hardware (and MiPS). OpenWRT can be flashed onto a lot of consumer routers as well as be installed on traditional x86 / PC hardware.

    OpenWRT has a hardware table on their website for supported models. Some of them come cheap if you buy them used and are pretty decent.

    If you like more flexibility, I can recommend building your own router. Used thin clients, Iike for example Fujitsu Futro S920. Thin clients are basically low-powered PCs, which are often cheap on the used market and provide a variety of hardware interfaces. Most use Intel NICs, some have secondary NIC, can hold SATA disks, provide interfaces for WiFi (pice, miniPCIe, m.2) or extension cards, have high efficient power supplies and are in majority are passive cooled. Or get some SBC/ Low-Powered board with the interfaces you need. It doesn’t need to be new hardware.



  • My bad, I meant SPF record.

    I have some issue with just that, all emails will end up in a spam filter (if your mail provider is thorough). Also your IP might end up on a public spam/ block list. To much to go wrong, in case some alerts need to reach me.

    Plus I use a strict DMARC, so at least a correct SPF is needed.

    I’m using postfix on my machines, all services send to it and it just to relays via a SMTP service. So only one point to configure.

    I was specifically looking for the last part, a SMTP relay service.





  • Sure - but that would be another thing to self-host - because I have at least 5 machines which need to send, and I have a dynamic IP address - so it would involve updating the MX records via DNS API for at least 5 sub domains.

    To be honest, I’m a KISS kind of guy - not everything technical possible or imaginable is worthwhile. Especially if it’s such a crucial part like alert monitoring. I want it done simple, secure, without caveats and keeping the complexity on the lowest level possible.





  • I had only logitech for years, using Windows, Linux, BSD, Dos… without any issues. The older model (probably 15years+) is still working perfectly, mechanical & PS/2. And that has been drowned in Coffee, water, whiskey and what else. Put it in the washing machine (with some clothes to bolster), let it dry and use it like the first day! 👌🏼 Even my current one, for about 10 years in service works like a charm. I admit both are #lowtech devices