After a long week of fending off attackers trying to brute-force SSH passwords on my clients' servers, I realized my naming conventions were wreaking all kinds of havoc on my administrative tasks.
I had to come up with a system that would take a myriad of “situations” into consideration. It had to be distinguishable in a terminal (not all hostnames are good names). For example, all of my live servers had the hostname “server” and all development servers “dev”. When you have four live servers up and every prompt ends in @server, how do you know which one you're on without typing “hostname -f” constantly? I tried editing my .bashrc to show the FQDN in the prompt, but I wasn't doing something right. Exim4 was having issues sending fail2ban emails from the root domain, and because some sub-domains had to sit behind a CDN (content delivery network), which only proxies web traffic, I needed a real FQDN that bypasses the CDN to reach the server via SSH, SFTP, VPN, etc.
What I came up with simply works, and works great on a vanilla Ubuntu 14.04 LTS install. The hostname is now “srv-moebis”. The hosts file resolves 127.0.0.1 to localhost.localdomain and localhost, and maps the server's public static IP to “srv.moebis.com srv-moebis”; the FQDN goes first on that line, because “hostname -f” reports the first name on the matching hosts entry (you can use 127.0.1.1 instead of a public IP if you don't have a static one). The result: “hostname” reports “srv-moebis”, the prompt ends in @srv-moebis, and “hostname -f” reports “srv.moebis.com”. The DNS entries are: an A record for moebis.com pointing at xxx.xxx.xxx.xxx (proxied through the CDN), a CNAME for www.moebis.com (proxied through the CDN), and a CNAME for srv.moebis.com (bypassing the CDN, so SSH and SFTP reach the server directly).
Send-only mail via exim4 is simple. I now use the FQDN srv.moebis.com as the mail name (you can use the root domain moebis.com, but I advise against it). My DigitalOcean droplet has a PTR record so that a reverse lookup of my IP returns srv.moebis.com; forward and reverse DNS then agree, which receiving mail servers check before accepting mail. Listen on the normal 127.0.0.1 ; ::1 and leave the rest blank during “dpkg-reconfigure exim4-config”. I choose Maildir at the end, but choose whatever you want, it doesn't really matter.
This new system also accounts for development servers. Let's say I'm building a parallel dev.moebis.com that I want to work on and maybe switch live at some point. Same deal: the hostname is “dev-moebis”, the hosts line is xxx.xxx.xxx.xxx dev.moebis.com dev-moebis, and for DNS I just create a new A record for dev.moebis.com. Everything else goes the same: exim4 config, etc. When the time comes to bring the server live, I rename its hostname, edit the hosts file, reconfigure exim4, change the PTR record and point the DNS at the new changes.
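The file layout for the live server described earlier in the post and the dev-to-live rename above are the same operation with different names, so here they are as one script. This is an added example, not the author's own tooling: the IP 203.0.113.10 is a placeholder from the documentation range, and the check functions imitate what “hostname -f” does with /etc/hosts so the layout can be verified in a scratch directory before touching /etc.

```shell
#!/usr/bin/env bash
# Added example (not the post's own script): write /etc/hostname, /etc/hosts and
# /etc/mailname for the short-name / FQDN scheme, then check that the hosts file
# will make `hostname -f` report the intended FQDN.  203.0.113.10 is a placeholder
# IP from the documentation range; the real files live in /etc.
set -eu

# write_name_files SHORT FQDN IP HOSTNAME_FILE HOSTS_FILE
# The public-IP line lists the FQDN first: glibc returns the first name on the
# first matching /etc/hosts line as the canonical name, which is what
# `hostname -f` prints.  Use 127.0.1.1 instead of a public IP if you have none.
write_name_files() {
  local short=$1 fqdn=$2 ip=$3 hostname_file=$4 hosts_file=$5
  printf '%s\n' "$short" > "$hostname_file"
  cat > "$hosts_file" <<EOF
127.0.0.1   localhost.localdomain localhost
$ip   $fqdn $short

# IPv6 loopback line as shipped by Ubuntu
::1         ip6-localhost ip6-loopback
EOF
}

# write_mailname FQDN MAILNAME_FILE
# Debian's exim4 takes its mail name from /etc/mailname (dpkg-reconfigure
# exim4-config writes the same file); use the FQDN, not the bare root domain.
write_mailname() {
  printf '%s\n' "$1" > "$2"
}

# fqdn_from_hosts SHORT HOSTS_FILE
# Offline imitation of `hostname -f`: the first name on the first non-comment
# line whose name list contains SHORT.  Prints nothing if SHORT is not listed.
fqdn_from_hosts() {
  awk -v h="$1" '
    /^[[:space:]]*#/ || NF < 2 { next }
    { for (i = 2; i <= NF; i++) if ($i == h) { print $2; exit } }
  ' "$2"
}

# check_naming SHORT FQDN HOSTS_FILE
# Returns non-zero when the hosts file would not give `hostname -f` the intended
# FQDN, or when the "FQDN" has no domain part, as with the old bare "server".
check_naming() {
  local short=$1 fqdn=$2 hosts_file=$3 got
  got=$(fqdn_from_hosts "$short" "$hosts_file")
  case $fqdn in
    *.*) ;;
    *) echo "check_naming: '$fqdn' is not fully qualified" >&2; return 1 ;;
  esac
  [ "$got" = "$fqdn" ] || {
    echo "check_naming: hostname -f would give '${got:-nothing}', not '$fqdn'" >&2
    return 1
  }
}

# apply_to_system SHORT FQDN IP
# Run as root on the box.  Promoting a dev server to live is the same call with
# the live names, e.g.  apply_to_system srv-moebis srv.moebis.com 203.0.113.10
# Afterwards run `dpkg-reconfigure exim4-config`, update the PTR record at the
# provider, and point DNS at the server, as the post describes.
apply_to_system() {
  write_name_files "$1" "$2" "$3" /etc/hostname /etc/hosts
  write_mailname "$2" /etc/mailname
  check_naming "$1" "$2" /etc/hosts
  hostname "$1"   # set the running hostname; /etc/hostname persists it at boot
}
```

The check catches the two mistakes that reproduce the original problem: a hostname with no domain part (the old “server”), and a hosts line with the short name listed before the FQDN, which makes “hostname -f” return the short name and leaves Exim announcing a name that no PTR record matches.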