<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on Waffle's yttrx blog</title><link>https://waffles.yttrx.com/posts/</link><description>Recent content in Posts on Waffle's yttrx blog</description><generator>Hugo</generator><language>en</language><lastBuildDate>Fri, 03 Jul 2026 10:26:23 -0700</lastBuildDate><atom:link href="https://waffles.yttrx.com/posts/index.xml" rel="self" type="application/rss+xml"/><item><title>catching up on the anti-abuse stack: welcomebot, abuse-bot, and the new signup scrutiny</title><link>https://waffles.yttrx.com/posts/welcomebot-and-abuse-hooks-update/</link><pubDate>Fri, 03 Jul 2026 10:26:23 -0700</pubDate><guid>https://waffles.yttrx.com/posts/welcomebot-and-abuse-hooks-update/</guid><description>&lt;p&gt;I&amp;rsquo;ve been heads-down on anti-abuse work for yttrx lately, and figured this journal is a better home for it than my own memory. Here&amp;rsquo;s roughly where things stand.&lt;/p&gt;

&lt;h2 id="the-hooks-server-welcome-bot--abuse-bot"&gt;The hooks server: welcome-bot + abuse-bot &lt;a class="heading-anchor" href="#the-hooks-server-welcome-bot--abuse-bot" aria-hidden="true"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;I started with a FastAPI webhook server (&lt;code&gt;yttrx-welcomebot&lt;/code&gt;) running on admin, sitting behind an admin site. Mastodon fires an admin webhook on &lt;code&gt;account.created&lt;/code&gt;, &lt;code&gt;account.approved&lt;/code&gt;, and &lt;code&gt;report.created&lt;/code&gt;, and this service allows me to run some custom logic to decide how to handle these actions.&lt;/p&gt;</description></item><item><title>bringing breath back to this journal</title><link>https://waffles.yttrx.com/posts/bringing-breath-back-to-this-journal/</link><pubDate>Fri, 03 Jul 2026 10:20:05 -0700</pubDate><guid>https://waffles.yttrx.com/posts/bringing-breath-back-to-this-journal/</guid><description>&lt;p&gt;I first started capturing some of my technical notes in this journal when starting &lt;a
 href="https://yttrx.com"
 
 target="_blank" rel="noopener"
 
 
&gt;yttrx.com&lt;/a&gt;
 back in 2022, but eventually fell off maintaining it. Recently, I&amp;rsquo;ve been doing a bunch of spam/abuse mitigation work on the yttrx signup and abuse reporting workflows, and it hit me that I should probably knock the dust off of this journal.&lt;/p&gt;
&lt;p&gt;So I migrated it away from jekyll and onto hugo, using a theme that&amp;rsquo;s consistent with the &lt;a
 href="https://welcome.yttrx.com"
 
 target="_blank" rel="noopener"
 
 
&gt;welcome.yttrx.com&lt;/a&gt;
 site that i recently stood up, and here i&amp;rsquo;ll keep some of my technical notes on running a mastodon server and dealing with the headaches that it involves.&lt;/p&gt;</description></item><item><title>yttrx mastodon antispam</title><link>https://waffles.yttrx.com/posts/email-spam-in-a-pain/</link><pubDate>Sat, 10 Dec 2022 00:00:00 -0800</pubDate><guid>https://waffles.yttrx.com/posts/email-spam-in-a-pain/</guid><description>&lt;h2 id="dnsbl"&gt;DNSBL &lt;a class="heading-anchor" href="#dnsbl" aria-hidden="true"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;A &lt;a
 href="https://en.wikipedia.org/wiki/Domain_Name_System-based_blocklist"
 
 target="_blank" rel="noopener"
 
 
&gt;DNSBL&lt;/a&gt;
 is a system built upon DNS zones, in which anti spam organizations will publish lists of bad IPs/Domains via their published zones. This allows others to query their DNS servers and ask if a particular IP/domain is known to be bad, and make a policy decision based upon that. I&amp;rsquo;ll be blocking mail that hits positive with a number of domains. It&amp;rsquo;s been a few years since I followed which DNSBLs were high quality and low on false positives, but since this is for a personal mail system I&amp;rsquo;m less risk adverse and am fine with some false positives. As such, I&amp;rsquo;ll cast the net wide and use quite a few block lists.&lt;/p&gt;</description></item><item><title>yttrx mastodon remote postgres</title><link>https://waffles.yttrx.com/posts/remote-postgres/</link><pubDate>Sun, 04 Dec 2022 00:00:00 -0800</pubDate><guid>https://waffles.yttrx.com/posts/remote-postgres/</guid><description>&lt;p&gt;Currently everything runs on a single host, connecting through a docker bridge, and the postgresql instance just trusts every connection. This is secured by the fact that the database container isn&amp;rsquo;t bridged to an outside network, so only other containers are able to connect to it. Unfortunately, we want to be able to connect from the outside.&lt;/p&gt;

&lt;h2 id="updating-the-docker-compose-file"&gt;Updating the docker-compose file &lt;a class="heading-anchor" href="#updating-the-docker-compose-file" aria-hidden="true"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;First we update the docker compose file to expose connections from the outside:&lt;/p&gt;</description></item><item><title>yttrx mastodon pgbouncer</title><link>https://waffles.yttrx.com/posts/pgbouncer/</link><pubDate>Tue, 29 Nov 2022 00:00:00 -0800</pubDate><guid>https://waffles.yttrx.com/posts/pgbouncer/</guid><description>&lt;p&gt;For context, I&amp;rsquo;m running mastodon within docker, with all services running on a single VM. This means that networking is fairly straight forward, and the usage of the system is small, so the complexity of it is also small. But something that I keep reading, is that sooner or later, you&amp;rsquo;ll start running out of postgresql connections as you start needing to scale up your sidekiq workers.&lt;/p&gt;
&lt;p&gt;So why not nip that in the bud?&lt;/p&gt;</description></item><item><title>yttrx mastodon defederation</title><link>https://waffles.yttrx.com/posts/defederation/</link><pubDate>Fri, 25 Nov 2022 00:00:00 -0800</pubDate><guid>https://waffles.yttrx.com/posts/defederation/</guid><description>&lt;p&gt;For years, as email operators struggled to keep unsolicited messages out of their users&amp;rsquo; inboxes, the notion of &amp;ldquo;block lists&amp;rdquo; emerged. Implemented as lists of IP and domain name lists stored within DNS, email operators would subscribe to curated lists (either for free, or for pay) in order to reject the messages outright, or mark them as spam and divert them away from the INBOX.&lt;/p&gt;
&lt;p&gt;Email operators aren&amp;rsquo;t interested in maintaining their own lists – this takes a lot of time and effort, as each email operator will likely be hit by the same spam gangs as many other operator. Curating custom block lists has a diminishing return vs the effort it takes to keep those lists up to date and clean of false positives.&lt;/p&gt;</description></item><item><title>yttrx mastodon email</title><link>https://waffles.yttrx.com/posts/email-is-a-pain/</link><pubDate>Thu, 24 Nov 2022 00:00:00 -0800</pubDate><guid>https://waffles.yttrx.com/posts/email-is-a-pain/</guid><description>&lt;p&gt;I don&amp;rsquo;t know anyone who&amp;rsquo;s spent any amount of time working with email and really enjoyed it. There&amp;rsquo;s a lot to tweak and get wrong with email when you&amp;rsquo;re interested in not operating an open relay, and not interesting in all of your mail being junked at the receiver&amp;rsquo;s end. I needed to setup some sort of mail transport for the yttrx mastodon server, and my first thoughts were paid SMTP services like sendgrid etc. I ended up deciding against that as they require a lot of personal information to be shared with the recipients for anti spam reasons, and I wasn&amp;rsquo;t interested in divulging that type of information to anyone who was interested in signing up for my mastodon instance. So postfix it was.&lt;/p&gt;</description></item><item><title>yttrx mastodon introduction</title><link>https://waffles.yttrx.com/posts/welcome-to-my-blog/</link><pubDate>Wed, 23 Nov 2022 16:21:18 -0800</pubDate><guid>https://waffles.yttrx.com/posts/welcome-to-my-blog/</guid><description>&lt;p&gt;The other week a friend and I decided to spin up a mastodon instance to play around with it. I&amp;rsquo;d been using mastodon for several years, and with the news that mastodon.technology was shutting down, I moved back to my old mastodon.social account, only to find it completely slammed with new users. I figured that it was time to start up our own instance, both for the fun, and ensuring that we wouldn&amp;rsquo;t have a super laggy experience.&lt;/p&gt;</description></item></channel></rss>