Just checked one more time that emails from my server are accepted by Gmail. What am I doing wrong?
the list of the daemons running in docker-mailserver
Awful. Who needs both rspamd and spamassassin simultaneously? fetchmail and getmail6? More than half of these components are not required to get a working mail server. But I agree that setting up the other half is rather complicated. So I'm planning to give mox a try when I need to set up a new mail server.
There is a repo for noble, I've checked this before writing my answer. It is always possible to edit the apt sources config manually and specify any repo you want regardless of your distro codename. IDK what Mint Store is, isn't it about flatpaks that TS doesn't want to use?
What do you mean by "won't install"? If you install it with apt from repo, apt doesn't check the distro codename, it just checks if the package dependencies are satisfied.
Well, first I need to note that blkdiscard is not more secure. But it is much faster. It does not actually wipe flash memory, it just tells the controller to mark it as unused. So it will drop stored data at the moment it decides is best. Maybe immediately, maybe just before writing new data. But anyway it won't provide the ability to read it. It would still be possible if you can get direct access to the flash memory bypassing the controller.
Second, you forgot that SSDs are not HDDs and data are not stored exactly at the offset you write them to. The controller remaps memory blocks as needed. And it has more blocks than are actually available to the user. So when you use dd (or cp, or any other program writing directly to a block device) you only overwrite blocks that are actually mapped, but some blocks can still keep old data. So using dd is also not secure in case someone can get direct access to the flash memory. But it takes much longer and reduces the flash lifetime.
Several people here mentioned a secure erase feature of SSDs. I didn't know about it. It should be more secure than both methods if implemented correctly by the manufacturer (i.e. clears all memory cells immediately). In the worst case it could be the same as blkdiscard, I guess.
/dev/random, seriously? This will take ages and have no advantages over /dev/zero. Even when you really need to fill your drive with random data, use /dev/urandom, there's a chance that this will finish in a couple of days at least. And no, there's no guarantee that it will wipe all blocks because there are reserved blocks that only device firmware can access and rotate. Some data on rotated blocks still can be accessible for forensic analysis if you care about this.
It's practically unrealistic. Even for a distro governed by a US-based company there are a lot of download mirrors, so restricting downloads from all of them is extremely difficult (and anyway unrestricted foreign mirrors still could synchronize with official ones via VPN). Forbidding foreign developers would require identification of each developer, but few distros do this (Debian does, but e.g. Fedora does not).
Developers would understand that such restrictions effectively kill a project, so they would shirk them.
It's a bad practice to log in as root even for administrative tasks. You need to run numerous commands, some of them can be potentially dangerous while not requiring root privileges. So normally you have an admin user in the sudo/wheel group and need to log in to this account. Also, this adds some protection in case your key has leaked.