It could go tits up indeed with a pod name like that.

Just dont name your pod “Titan” just in case.

Yeah I think it’s just a false alarm.

I would suggest looking into how sudoers works. I might just be that you asked caddy to do something that required root and forgot to sudo the command ?

Still double check the timestamp and verify that it was when you tinkered. Use “history” to look for previous commands and maybe the timestamp ?

The way I see it something (probably caddy) wanted to check a TLS certificate and had to concatenate all the certificate authorities to check if an adequate CA was there. And it failed to access what looks like a local CA that is autosigned ? Still worth checking your CA has adequate / similar permission as the others.

I think CB got really close to Insanity on this one :)

You can totally feel him getting very frustrated but trying to keep calm to shoot the video…

I’m not sure why people are trying convince me to change my mind on something.

I have seen it in my logs with my own eyes. I wish I could be left alone without having to bother looking into it.

Whatever the reason is. Someone is crawling through dictionaries of address. It is slow but steady. It started with abuse@ and other generic addresses and then started trying names. I blocked the sending SMTP server once I realized what was going-on.

What am I suppose to do? Ignore it and just triage in inbox?

This is not at all my experience with custom mail domains.

And I say that after spending a lot of time setting SPF, DKIM and DMARC filtering.

I guess you got lucky.

Does it?

Do you think spammer will just stop at the first address and then call it a day?

In my experience there is no such thing as a “catch all” domain address. The second your domain leaks then many spammer will just go into a frenzy and try hundreds or thousands of mail aliases.

Especially since they can’t really spam Gmail as easily (since early 2024) they will even more aggressively spam any other domain.

I’m a bit skeptical on the Email alias feature but this is a really cool project.

I just don’t know how practical it is to use custom domains to receive those confirmation emails.

Wouldn’t you receive a ton of spam once your email domain leaks (which will eventually happen)?

Email is also useful for password reset.

Ah I get it.

Anyway low consumption kind of mandates that kind of flash build IMO.

Isn’t there any way you could stagger buying those SSD? Like you buy them one by one only on sales or refurbished hardware.

You could also maybe attempt a raid5 only with only 3 disks until you could buy a fourth one?

Anyway good luck!

I’m sorry if this is not relevant but I don’t have the time to read that whole of text:

https://youtu.be/l30sADfDiM8

I think this is at least similar to what you want to achieve.

I’m usually pretty relaxed when it comes to disclosure of vulnerabilities but this is the kind of issues where I think it would have been better to privately report the issue to the Lemmy dev and wait ( a long time probably) for it to be fixed before disclosing.

Especially since currently there is multiple people abusing the image hosting feature.

Not a big deal, but sometimes it is actually a better practice to give an opportunity to the dev to fix something before forcing them to do so in a hurry.