All BlueOnyx ISOs updated - 2023 outlook
Updated ISO and disk images for BlueOnyx 5209R, 5210R and 5211R have been published.
We wish you all a Happy New Year and are excited about what it might bring us. As far as BlueOnyx goes, we already have some great plans lined up. But more about that further below.
ISO images and Disk Images updated:
We just published new BlueOnyx 5209R, 5210R and BlueOnyx 5211R ISO images that includes all patches as of today. Likewise: Updated VDI and VMDK images have also been released today.
Planned BlueOnyx enhancements for 2023:
If you're following the BlueOnyx Mailing List, then you might already have an idea about some of the planned enhancements that we have in the pipe for BlueOnyx 5210R and the new BlueOnyx 5211R. But let us sum them up for you anyway:
GoAccess and Monitorix Statistics:
These were just rolled into the existing base-sitestats of BlueOnyx 5210R and 5211R and provide much better web access statistics (GoAccess), while Monitorix provides an excellent overview over many health related metrics of your server. Some more refinement might be needed and will be added in the days to come.
My personal view (and that of other BlueOnyx developers and some users) is that SPF and OpenDKIM and related measures are "snake oil". Big email providers like Google, Microsoft, Amazon (and others) do fuck all to combat the SPAM that originates from their own users. Internally they may have mechanism that protects their OWN users from such SPAM, but everyone else is left not only without that protection. No, they are also forced to ham string and hamper their own mail servers with "snake oil" and "band aid" measures such as SPF, DKIM and other crap in order to "retain the privilege" to be able to send emails to THEM. I'm looking at you, Google! Whatever happened to "Don't be evil", by the way?
The BlueOnyx GUI already has had an SPF wizard integrated that allows to easily set up and configure SPF records. We'll now go one step further and will provide an OpenDKIM integration with GUI that manages the key and DNS record creation and management. This will be published sometime in January/February 2023.
AV-SPAM / RSpamd:
We still need to port the AV-SPAM to BlueOnyx 5211R, which will also be undertaken in January 2023. We will use this opportunity for a general overhaul of the AV-SPAM for all (supported) BlueOnyx versions and that will mean that all of them will loose the Clam AV integration. Basically: Clam AV isn't worth it. It provides zero added benefit, complicates the integration and contributes to failures that are frequent enough to be a bit of a nuisance.
Additionally we are looking at an integration of a SpamAssassin alternative and have chosen RSpamd, which would be ideal for high traffic email servers. This will be a package separate from the AV-SPAM, so you can choose either one. We might have this ready in Q1 of 2023.
Now that BlueOnyx 5211R is finished and the bugs are ironed out, it is high time to resurrect this project from it's hibernation and finally finish it. In a fashion similar to our "Easy Migrate" this new "Easy Backup" will provide convenient means to easily backup and restore individual Users, Vsites, MySQL, DNS, Emails or the whole server. The project was around 90-95% complete when I had to switch my focus elsewhere, but I should be able to wrap it up fairly quickly.
"BlueOnyx Home Server":
Note that this title is in quotation marks and this is just a tentative naming and might change. The idea is to provide additional modules to BlueOnyx 5211R in order to make it able to communicate via UPNP with home network routers in order to open up all ports and set up all the forwarding rules that one needs to make the BlueOnyx accessible from the internet.
That way you could host a BlueOnyx at home at your broadband internet connection and still have it reachable from the Internet. BlueOnyx already has a Dynamic DNS solution integrated, but we might also provide this as an additional service to users who might need it. While self-hosting a BlueOnyx at home might not be the means to all ends, but it could fill some hobbyist niches quite nicely and this is something that we sure want to support.
Imagine the combination of a "BlueOnyx Home Server" with our OpenVPN package, OwnCloud or NextCloud for file hosting and sharing for the whole family and all their mobile devices, RoundCube for email, Calendar, Photo Gallery and what not. You'd have all that home hosted data at your finger tips on your mobile device wherever you are. Without the added cost of having it all in a data center. Like said: For professional use this might not be good enough, as a datacenter provides better redundancy, availability and (of course) support, but for personal usage this might do it just fine.
It's not just the conflict in Ukraine that has caused a steep uptick in security related events, but also other factors. The amount of steady hammering, probing, pushing, phishing and scamming has reached levels that we haven't seen in a while. We recently updated the Fail2ban and Firewalld packages for BlueOnyx 5210R and 5211R, which not only work better now, but also allow for GeoIP blocking via IPSets. This all helps, but we're also looking further ahead and will be rolling out a new product sometime later this year that provides a more wholesome approach for security for not only single server installs, but will tie all your servers into a shared security shard where threats to one server lead to blocks of the offender on all your servers.
For email security (beyond brute force login attempts already covered above) we're thinking of possibly making a subset or fork of our internal RBL blacklist available in one form or another. Perhaps not as DNS based traditional RBL blacklist, but more along the line of "this months worst offenders aggregated" and then provided as a semi-static list that ties into the AV-SPAM and RSpamd. We're currently in the brainstorming stage for these measures and this is not yet solidly hammered out in all regards.
The BlueOnyx project is always looking for donations and in December 2022 a "call to arms" provided us with a new influx of funding that helped to recoup some of the costs of the BlueOnyx 5211R development. Many thanks to all who donated. We really appreciate it and would also appreciate your continued support in the future. Many thanks again!
Lastly, one very special thanks goes out to our newest BlueOnyx Developer: Juerg Sommer!
Juerg has been a very active member on the BlueOnyx list and we very much appreciated his bug reports and comments. He not only came with a bug reports, but also already had the picture perfect solution for it at hand. In a commendably short time he has mastered a very good understanding of the BlueOnyx architecture and his excellent Linux, coding and troubleshooting skills are also matched by a pleasant personality and a great dedication to get to the bottom of things. So ... we sort of "press ganged" him and now have the honor to call him a valued member of the BlueOnyx Development Team. Welcome aboard, Juerg!
Well, that's it for now from us on this first day of 2023. We hope you all had a good start into the New Year and let's see what great things await us next!