To keep up with the latest security improvements, TLSv1.3 has been enabled.
And to achieve an “A+” rating again on SSLLabs, we followed their recommendations to disable TLSv1.0 and TLSv1.1.
The list of ciphers was update to remove all weak ones.
The current report can be found here:
https://www.ssllabs.com/ssltest/analyze.html?d=foxinnovations.be
From now on the TTL value of ICMP ping replies is monitored, and an informative alarm is triggered when the value changes. This can be useful information to detect network topology changes. The alarm is cleared when the TTL value remains the same for 1 hour.
We have always supported sub-addressing (or “tagging”) when receiving e-mails, by using the “+” sign. E.g. some.one+mytag@domain.com. When using forwarding using an alias, up till now, this sub-address was replicated to the forwarded destination, e.g. some.one+mytag@domain.com gets forwarded to myemail+mytag@gmail.com.
As from now, this behavior is changed, the sub-address is now stripped from the forwarded destination. E.g. an e-mail to some.one+mytag@domain.com now gets forwarded to myemail@gmail.com. You can still use the sub-address in rules at e.g. Gmail, based on the (original) destination.
This change fixes some issues with forwards to mail-servers that don’t support sub-addressing, such as Microsoft Exchange.
Technically, this is implemented by changing the setting “propagate_unmatched_extensions” in Postfix from “canonical, virtual” to “canonical”.
Microsoft maintains its own block-lists for spam detection: Smart Network Data Services (SNDS). They are used on Hotmail.com, Live.com, Outlook.com, Office365.com and any custom domain hosted on the Microsoft mail servers. More information can be found here.
The Zabbix server at mon.foxinnovations.be can now be used to monitor your IP-address on those lists.
The zabbix template is made public on my ZabbixCustomTemplates project on GitHub.
On both production Debian servers, .NET Core was updated to v2.2.0.
One of the new features is a “health check” which can be enabled in ASP .NET sites, as live demonstrated here.
.NET Core 2.0 runtime will be uninstalled, since it is no longer supported by Microsoft. .NET Core 2.1 is an LTS-release.
The Zabbix server installation on https://mon.foxinnovations.be was upgraded to 4.0 LTS.
See this link for a list of changes.
One of the most visible changes is the Time selector redesign.
If you want to monitor a SIP server using our monitoring, you can use the template Template App SIP.
A SIP OPTIONS method is sent over UDP, and the check waits for 5 seconds on a SIP response. Currently only UDP is supported.
Two macros can be used to customize some behavior:
The template (with the external scripts) is open source, and available on Github.
Certificate expiration data before 2018-07-18 00:15:00 didn’t take webdomain/CN into account. The default server certificate was used instead. This resulted in all domain certificates hosted on the same server having the same wrong expiration date.
All data before that time has been removed.
As of today, HTTP/2 is enabled on all domains hosted by Fox Innovations. It should improve end-user browsing experience substancially, espacially for complex pages containing lots of resources.
All domains hosted on Fox Innovations are now only served over https. Existing (non-encrypted) links are automatically redirected to the encrypted link. This way, all existing (non-encrypted) links on Facebook posts or in e-mails will still work.