Techie :: Techno ::: October 2004 Archives
Spam Assassin 3 comes with a builtin SPF record checker, so it would make sense to publish SPF records for domains. Or would it?
This domain has now got a simple set of SPF records which I set up using a couple of the online tools to generate them.
If you want to see how many domains are publishing SPF have a look here. Although it is not a definitive listing it does give some indication of the number of records published, including some of the higher profile sites.
Gmail checks for SPF, so you will see results in your headers:
Received-SPF: neutral (gmail.com: xxx.xxx.xxx.xxx is neither permitted nor denied by domain of xxxxx@xxxx.com)
The key with SPF is the scoring. If you explicitly set your SPF records to a limited number of hosts/IPs then any mail purporting to come from your domain will be checked against its SPF record. If the sending IP/hostname is not in the SPF record then the receiving MTA should not "trust" it.
Will this lead to a reduction in spam?
No, but it should help to cut down the amount of spoofed junk hitting people's mail boxes.
If you publish SPF records for your domains you *should* be able to reduce the likelihood of your domain being used in a "joe job". At least that's my understanding of it.
If you need help in setting up SPF records then look at:
There is a lot of debate surrounding SPF in general, but some good articles like this one make it very clear.
Upgrading MailScanner on an rpm based system is not complicated as long as you read the messages on the screen.
First off go to the MailScanner download section and get the version you want to upgrade to. The second one in the list is the rpm version for RedHat and derivatives.
Normally there is a choice of "stable" and "beta" downloads. What's the difference? The stable has been tested more thoroughly by beta testers and is unlikely to cause any issues on your system. The beta release may not be as thoroughly tested and is not really aimed at the "faint hearted". Put it another way, if you are not extremely comfortable with managing MailScanner don't use the beta release :mrgreen:
I would recommend that you download any installers into a specific directory in /home, for example I use /home/blacknight to store them. DO NOT download the installer to /etc/MailScanner
Let's begin:
cd /home/blacknight (edit this to taste)
wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.34.8-4.rpm.tar.gz (change URL to the most recent version / the version you want to install)
tar -zxvf MailScanner-4.34.8-4.rpm.tar.gz (change to file you have downloaded)
cd MailScanner* << move into the MailScanner installer directory
At this point it would not be a bad idea to stop the running MS daemon, so issue the following commands:
/etc/init.d/MailScanner stop
/etc/init.d/MailScanner startin
This will stop the main daemon but then restart the incoming queue.
Next we install MS by running:
./install.sh
Depending on your setup it can take anything up to 15 minutes to complete.
At the end of the process do the following (presuming you haven't had huge errors!)
cd /etc/MailScanner << where the MailScanner scripts "live"
upgrade_MailScanner_conf << if run by itself it will give you tips on usage
upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
This will read in the "new" config file and "intelligently" append any new option directives to your existing config, creating a new file called MailScanner.new.
You can compare the two files using the "diff" command if you want, but the output of the upgrade script is usually quite verbose.
We then need to overwrite the "old" config file with the new one:
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new MailScanner.conf
Now restart MailScanner:
/etc/init.d/MailScanner restart
If you want to see exactly what you are using try this:
MailScanner -v
which will give you a quite verbose breakdown of all the various modules and addons in use on your system.
Enjoy!
Useful procmail recipes here to stop CR junk hitting your mailbox
DNS is a fundamental part of the internet's fabric. Break it and things start going wrong.
If your zones do not comply with the RFCs then all sorts of strange things can happen.
We host quite a few domains, so our nameserver information is public (obviously). Unfortunately some people seem to think that by pointing a domain at our nameservers it will "magically" get into our DNS! I was informed yesterday that there were at least 20 domains pointing at our nameservers that did not have an SOA.
Presumably none of them were hoping to get anywhere :mrgreen:
Another common mistake is when people think they've pointed the DNS at us, but have used the incorrect information, e.g. we have ns.domain.tld and ns2.domain.tld while they seem to think that we have ns1.domain.tld and ns2.domain.tld or some other variant.
Other common issues are related to Windows in offices. Typically the IT service company installs Office 200* small business or similar with Exchange. They should set it up for local email without interfering with their public domain. Our DNS logs tell a totally different story.
This can lead to interesting issues
Of course the bigger problems are when things (like email) go missing. Typical scenario is that the domain was registered by company X, who happens to be an ISP providing access (dialup, DSL etc). The domain is then moved to another company, but the losing ISP does not remove the DNS entries. As most of their clients use the ISP's DNS, mail etc. will bounce or simply vanish.
In the case of non-Irish hosting companies DNS can be hilarious. The number of times we've seen errors from IE domains because the DNS was not set up correctly isn't even vaguely amusing.
If you aren't sure about how to manage DNS don't try. Please! You hurt the rest of us!!
Useful links:
If you need to run DNS then you should read up on it first:


I installed x.org 6.8.1 on my desktop (debian unstable) yesterday to see what it was like.
The installation was quite painless, but getting it to work properly did require some work. The documentation on the X.org site is fine for compilation / installation but does not cover usage and configuration.
I found some documentation, with pointers, on the gentoo site, however the "funkier" features of X are transparency and drop shadows, which you can't do "out of the box". You need to get a couple of tools, namely xcompmgr and transset. I'm running debian unstable on my desktop, so I used rpms via alien to install the necessary software.
Of course I am no expert with X configuration, so I enlisted the help of pron, who was able to edit my xorg.conf to make it a bit saner (thanks pron)
The ATI card may support some of the more advanced features of x.org, but I haven't had a chance to do any research into it yet.
So far I've tried the transparency and drop shadows. They both work and look fantastic, but the performance is pretty dire :mrgreen:
To see some of the things you can do with x.org have a look at:
KDE
I was going to send this to Mr Weckler directly, but I realised that it stood little chance of being published, so I'm putting it here instead.
Sir
I am writing in my capacity as MD of an Irish hosting company with regard to your most recent editorial “Cut your web-hosting costs with a little DIY”.
Your article's bottom line was "don't buy Irish", however as a journalist it would be expected that any such message would have been backed up by proper research. It was not.
Although you seem to think that Irish business is paying “too much” you don’t seem to have addressed what they actually want or need.
Irish hosting companies, like us, have made a conscious decision to invest in the Irish market and to support the Irish economy. From the clients’ perspective this brings a number of clear advantages, such as being able to access local customer support during Irish office hours. The majority of the cheap US hosts do not offer 24/7 support, so Irish clientele will suffer from the time difference. If you have an issue with email at 9am IST, then you could be waiting until 3pm IST to get a response from a US company, as they are generally between 6 and 8 hours behind Ireland. Although this may not be an issue for some of the more “tech savvy” clients the majority of Irish SMEs do not fit into that category and require technical assistance on a regular basis.
Users find websites by using search engines. If a domain (site) is hosted in the US it will not be listed by Google as being a "site from Ireland".
If the site's primary market is Ireland, it will lose customers.
Many of the lower end US hosters are resellers of resellers of resellers.
They typically have no technical competence. One of the issues that many Irish clients face is the total lack of competency shown by many of the smaller US companies. The most frequent problem is that the client's domain is not properly set up in the DNS. This results in loss of mail, and a website not being found.
Others pursue highly disreputable domain registration practices. It is not unusual to find that some of these “bottomfeeders” have registered the client's domain in their own name. Consequently the client only finds out that they have no domain when they try to move hosts.
In your article you stated categorically that there was “no advantage in web-hosting just because the company happens to be Irish”. The opposite is the case. We believe that the client is entitled to a decent level of customer support and technical support. Our staff spend more time dealing with technical support and customer service queries than anything else between 9am and 6pm (Irish office hours).
You cited Yahoo’s small business hosting package as an example, but you may not have examined it in any detail. Although they offer 2GB of disk space they do not offer any server-side scripting, so even a simple feedback form would not be supported by that package. From a practical point of view no Irish SME would realistically need that amount of disk space unless they were using it for storing illegal software. The US market is completely saturated with resellers of resellers of resellers all fighting it out over 2 cents, which leads to the hosting plans with the crazy amounts of disk space and unrealistic amounts of bandwidth on offer. Their entire business model is based on overselling their capacity by 1000% or more. If their clients actually made use of their allocation Yahoo et al would not be able to offer those kind of prices for very long.
If you wish to write something in 'defence' of the Irish consumer and to attack Irish businesses, you should try basing it on facts.
Did you actually speak to anybody in a "cost-conscious" small company? Did you contact any of the "big" Irish webhosting companies? Did you actually do any research at all?
Regards
BGPlay – graphical visualisation of BGP updates
Yes. It is extremely geeky, but it is fascinating to watch.
We finally launched our new site this evening. There are still a couple of minor bugs, but nothing too serious.
Most of the new site validates as XHTML 1.0 transitional which is nice. Getting the rest of it to do likewise shouldn't be too hard :mrgreen:
You can see it here
As you can guess from the URLs it is running off a CMS. In our case we are using Typo3 which is very flexible and powerful.

