The Helm email server – now blocked by Microsoft

This is an automated email from your Helm Server.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For information about why this might happen visit our support
article here: 
https://support.thehelm.com/hc/en-us/articles/360024507754
                  Helm 

<tccof@hotmail.com>: host hotmail-com.olc.protection.outlook.com[104.47.9.33]
    said: 550 5.7.1 Unfortunately, messages from [35.162.166.161] weren't sent.
    Please contact your Internet service provider since part of their network
    is on our block list (S3140). You can also refer your provider to
    http://mail.live.com/mail/troubleshooting.aspx#errors.
    [VE1EUR03FT024.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL
    FROM command)

I don’t know who is at fault here. On the one hand, I’m sympathetic to the problem of spam. I am an email administrator, after all.

And by the way, it used to work. Last time I successfully sent mail to the same guy was on May 7th. So the change has been within the last week.

If Microsoft really is getting spam from 35.162.166.161 then I can’t blame them for blocking it.

On the other hand, the link they provide says essentially “sign up with ReturnPath, Inc, and we won’t piss on your head any more”. I have no idea how much of an investment Microsoft has in ReturnPath, nor do I know what ReturnPath’s revenue model is.

I do not know how many IP addresses Helm uses for their outbound mail. It could be just the one. If that’s the case, I’m screwed. If they have multiple, then they need to figure out who the bad actors are, and move them. Bad guys over there, good guys over here.

That assumes that there are bad actors. I don’t know that spammers would actually go to the expense of buying a Helm email server. It wasn’t inexpensive. To just send spam, I could hire a cloud mail server far cheaper. But if someone is stupid enough to think they can make money sending spam, then maybe they are stupid enough to think that the Helm service would give them a pass. And if they did, and Helm doesn’t try to scan and block for such a thing, then yeah, it could be that I side with Microsoft here. I’d hate that; but I’d have to admit that they are on the correct side of the problem here.

35.162.166.0 is Amazon, of course. Helm is sending the mail from AWS. Of course, the Amazon model is that they will sell their services to anyone; including dirty filthy spammers, may they all get Covid-19 and expire painfully. If Amazon has lumped the Helm customers in with their spammer customers, then there may be nothing Helm can do about it.

But then, I have no way to know if Microsoft is simply pissing on email senders for using AWS. It wouldn’t be the first time Microsoft sabotaged customers for using a competing product. Is this yet another example of “DOS isn’t done until Lotus won’t run”? Does Microsoft happen to be running ads now, with a picture of a crash helmet, and the caption “Wouldn’t you rather host your email with a cloud provider that isn’t on ReturnPath’s block list?”

Anyway. I’ve moved most of my email over to the Helm email server, and now it’s turning out to be a bad thing. Perhaps my corporate overlords are trying to punish me for straying from their cage.
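For triaging a bounce like the one quoted above, here is an added example (not part of the original post, and not Helm's or Microsoft's code) that pulls out the fields that say who refused the mail, which IP was refused, and at what point in the SMTP conversation. It assumes the report layout shown above; the function name, the field names and the "end of DATA" stage label are assumptions of this example.

```python
import ipaddress
import re

# The bounce text quoted above, embedded so the example runs offline.
BOUNCE = """\
<tccof@hotmail.com>: host hotmail-com.olc.protection.outlook.com[104.47.9.33]
    said: 550 5.7.1 Unfortunately, messages from [35.162.166.161] weren't sent.
    Please contact your Internet service provider since part of their network
    is on our block list (S3140). You can also refer your provider to
    http://mail.live.com/mail/troubleshooting.aspx#errors.
    [VE1EUR03FT024.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL
    FROM command)
"""

HEAD = re.compile(
    r"<(?P<recipient>[^>]+)>: host (?P<mx>[^\s\[]+)\[(?P<mx_ip>[^\]]+)\] "
    r"said: (?P<reply>[245]\d\d) (?P<status>[245]\.\d{1,3}\.\d{1,3}) (?P<text>.*)"
)

def parse_bounce(report):
    """Pull the fields needed for triage out of one delivery-failure entry."""
    flat = " ".join(report.split())  # undo the line wrapping
    m = HEAD.search(flat)
    if m is None:
        return None
    f = m.groupdict()
    text = f.pop("text")
    stage = re.search(r"\(in reply to (.+?) command\)", text)
    f["stage"] = stage.group(1) if stage else None
    # The first bracketed token that is a valid IP literal is the refused sender.
    f["refused_ip"] = None
    for token in re.findall(r"\[([^\]]+)\]", text):
        try:
            f["refused_ip"] = str(ipaddress.ip_address(token))
            break
        except ValueError:
            continue
    code = re.search(r"block list \((\w+)\)", text)
    f["list_code"] = code.group(1) if code else None
    # RFC 3463: class 5 is a permanent failure, subject 7 is security/policy.
    f["policy_block"] = f["status"].startswith("5.7.")
    # Refused before DATA means the receiver never saw headers or body, so the
    # decision rests on the connecting IP or envelope, not on message content.
    # "end of DATA" is the stage label this example assumes for a later refusal.
    f["content_seen"] = f["stage"] == "end of DATA"
    return f

if __name__ == "__main__":
    for key, value in parse_bounce(BOUNCE).items():
        print(f"{key:13} {value}")
```

For this bounce the refusal came in reply to MAIL FROM, so the block applies to the sending address 35.162.166.161 itself and nothing in the message was inspected.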

New site steps

Note this is for a new WordPress Multisite

  • Log into AWS Management Console
  • Lightsail: Create a new instance (Linux, WordPress Multisite)
  • Create a new static IP address
  • Assign the static IP address to the new instance.
  • Buy a new domain name (if I don’t have one available) – in this case, gerisch.org
  • Update DNS with the new static IP address
  • ssh -i path-to-pem-file-for-AWS-instances bitnami@gerisch.org
  • Make Ubuntu like OpenSUSE
  • Log out, and log back in (get the benefits of pageup for history search, and .. as the cd .. alias)
  • cd /opt/bitnami/apps/wordpress
  • sudo ./bnconfig --machine_hostname gerisch.org
  • sudo mv bnconfig bnconfig.disabled
  • sudo apt upgrade
  • sudo init 6
  • wait for reboot to finish
  • ssh -i path-to-pem-file-for-AWS-instances bitnami@gerisch.org
  • sudo /opt/bitnami/bncert-tool

At this point, I get a warning:

Warning: Custom redirections are not supported in the Bitnami WordPress Multisite Stack. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:

An updated version is available. Would you like to download it? You would need to run it manually later. [Y/n]:

sudo /opt/bitnami/bncert-tool

Welcome to the Bitnami HTTPS Configuration tool.

Domains

Please provide a valid space-separated list of domains for which you wish to configure your web server.

Domain list []:

gerisch.org

The following domains were not included: www.gerisch.org. Do you want to add them? [Y/n]:

The interesting thing here is that (if I’m interpreting things correctly) WordPress Multisite really does not want one of the subdomains to be www.gerisch.org – yet here, Bitnami, through Let’s Encrypt, really does want one of the domains to be www.

I hit <Enter> which signifies yes

Changes to perform

The following changes will be performed to your Bitnami installation:

  1. Stop web server
  2. Configure web server to use a free Let’s Encrypt certificate for the domains:
    gerisch.org www.gerisch.org
  3. Configure a cron job to automatically renew the certificate each month
  4. Configure web server name to: gerisch.org
  5. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]:

I hit <Enter> which signifies yes

Create a free HTTPS certificate with Let’s Encrypt

Please provide a valid e-mail address for which to associate your Let’s Encrypt certificate.

Domain list: gerisch.org www.gerisch.org

Server name: gerisch.org

E-mail address []:

I put in my personal email address

The Let’s Encrypt Subscriber Agreement can be found at:

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]:

I hit <Enter> which signifies yes

And after a bit of work, the configuration of my new web site to be SSL protected is complete.

How to use Lightsail snapshots to revert to a previous version

I have the new Bitnami WordPress multisite web server up and running. I’d like to make a backup of it, prior to mucking with it, so that I can revert back if needed.

Schrodinger’s Backups: The condition of any backup is unknown until a restore is attempted.

Murphy’s take on Schrodinger’s Backups: You’re fucked. The backup is dead.

Well, that is often the case when you just lost the computer, and you now need to restore from your “backups”.

Let’s see what it takes to successfully take a Lightsail snapshot and restore to it.

Technically, you spin up a new instance, move the IP address, and delete the old instance. So you will be incurring a little bit more in charges with Lightsail, because for a little while, you had two instances. Snapshots cost money, too.

Step the first: shut down your instance.

In theory, this step should not be necessary. The snapshot process should work on the running image. It probably will.

In theory, there is no difference between theory and practice. In practice, there is.

Although it is a remote chance, there is a problem of database coherency. What if, at the exact moment you take a snapshot, some database transaction is only half-posted? What if one half of the transaction is written to disk, then the snapshot happens, then the other half of the transaction gets written to disk? When you restore, the database is going to no longer be coherent.

For some databases, there is a whole subset of features and work done to ensure atomic transactions that prevent any piece of the transaction from being committed until all of it can be verified to be done. That’s all nice and everything, but what’s wrong with just shutting down the server? If your server is so mission critical that you cannot have a minute or two of downtime, you should be working on clusters of machines that can announce themselves into the cluster, and announce themselves out of the cluster and gracefully transition between states.

Power down the server, and the server is quiescent with the world.

Step the second: take the snapshot.

A picture being worth a thousand words, here’s thirteen thousand words:

Go to the snapshot manager tab and click the Create snapshot button
Lightsail picked a name for you; click the Create button to launch the snapshot process
This takes a minute or three
Once the snapshot is complete, you get the raindrops menu button

Step the third: the snapshot becomes the machine.

The raindrops menu has the option to create a new instance from the snapshot

See that big orange Create Instance button? Click it!

I may be a stockholder of Amazon.com stock, and will see revenue slightly rise as you invoke an additional charge on your account. Click it!
Now there are two instances; one pending, and the other stopped

Eventually, the new instance is running. But we still need to move off of the old instance.

The static IP address that DNS points to is connected to the server that crashed and is going away
The new instance, WordPress_Multisite-2, has a random IP address assigned during creation
After selecting the static IP from the list, click the green Checkmark button to assign it to the new instance
We now see the new instance in the wild, at the old IP address DNS points to
Delete the old instance, so as to not leave trash lying around

That’s pretty much it. The snapshot has been launched as a new instance, and is almost a verbatim copy of the old instance. Almost.

When the new instance was spun up, it got a new security certificate fingerprint.
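The same stop, snapshot, relaunch and IP-move sequence can be scripted. The following is an added example, not part of the original post: it assumes `ls` is a boto3 Lightsail client (`boto3.client("lightsail")`), and the function names and the instance, snapshot, static IP, zone and bundle arguments are placeholders of this example.

```python
import time

def wait_for(probe, wanted, failed=(), tries=60, delay=5.0):
    """Poll probe() until it returns `wanted`; fail fast on a bad state."""
    for _ in range(tries):
        state = probe()
        if state == wanted:
            return
        if state in failed:
            raise RuntimeError(f"resource entered state {state!r}")
        time.sleep(delay)
    raise TimeoutError(f"state {wanted!r} not reached after {tries} polls")

def restore_via_snapshot(ls, old, new, snapshot, static_ip, zone, bundle,
                         delay=5.0):
    """Run the three steps above against a boto3 Lightsail client `ls`."""
    def instance_state(name):
        return ls.get_instance_state(instanceName=name)["state"]["name"]

    def snapshot_state():
        reply = ls.get_instance_snapshot(instanceSnapshotName=snapshot)
        return reply["instanceSnapshot"]["state"]

    # Step 1: stop the instance so the disk is quiescent.
    ls.stop_instance(instanceName=old)
    wait_for(lambda: instance_state(old), "stopped", delay=delay)

    # Step 2: take the snapshot and wait until it is usable.
    ls.create_instance_snapshot(instanceSnapshotName=snapshot, instanceName=old)
    wait_for(snapshot_state, "available", failed=("error",), delay=delay)

    # Step 3: launch a new instance from the snapshot.
    ls.create_instances_from_snapshot(
        instanceNames=[new], availabilityZone=zone,
        instanceSnapshotName=snapshot, bundleId=bundle)
    wait_for(lambda: instance_state(new), "running", delay=delay)

    # Move the static IP that DNS points to, and only then delete the old
    # instance, so a failed launch never leaves the site without a server.
    ls.detach_static_ip(staticIpName=static_ip)
    ls.attach_static_ip(staticIpName=static_ip, instanceName=new)
    ls.delete_instance(instanceName=old)
```

If the snapshot ends in the error state the function raises before anything is launched, moved or deleted, which leaves the stopped original in place.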

Amazon Transcribe – mildly amusing transcription attempt

I’m using Amazon Transcribe, to do that, with MP3 files of a talk given by a couple of guys with thick southern accents (Arkansas / Louisiana). Machine translation is still pretty new. Even with superb AI, this audio would be tough. Still, the following was mildly amusing to me.

What the transcription came up with: “the moment after rescue from the shipwreck, when camaraderie, Georgian markets evade a vessel for misters to the captain’s table.”

What the actual audio is: “the moment after rescue from the shipwreck, when camaraderie, joyousness and democracy pervade the vessel from steerage to the captain’s table.”

Admittedly, evade versus pervade is very close; pervade isn’t exactly a common word. The difference between misters and steerage is pretty far. But what tickled my funny bone was that apparently, joyousness and democracy are what you get going to Georgian markets.

As one popular meme goes right now: Why not both?