Techie :: Techno ::: June 2005 Archives

MailScanner allows for a very fine level of control over email content and security via its configuration and ruleset files. This article looks at setting up per-user or per-domain rules for file types. It is based on my experience with MailScanner on RPM-based systems; however, it should work on any system running a standard install of MailScanner.

Why would this be of interest? If you are scanning mail for multiple domains and companies you may wish to impose restrictions on certain file types for particular users or, as is more often the case, these restrictions will be forced on you.

Getting Started

If the server is in production you may want to stop MailScanner processing mail while you make the changes to its configuration:

    /etc/init.d/MailScanner stop;/etc/init.d/MailScanner startin

This will stop MailScanner and then restart its "in" queue, so mail will "sit" in the inbound queue.

Open MailScanner.conf in vi:

    vim /etc/MailScanner/MailScanner.conf

Look for the line:

    Filename Rules = %etc-dir%/filename.rules.conf

In order to make this a ruleset which you can control you should change this to something like:

    Filename Rules = %etc-dir%/filename.rules

In /etc/MailScanner you need to create the actual ruleset file. The way I did it was:

    FromOrTo: default /etc/MailScanner/filename.rules.conf
    FromOrTo: *@domain1.ie /etc/MailScanner/filename.rules.domain1.conf
    FromOrTo: *@domain2.com /etc/MailScanner/filename.rules.domain2.conf

The first file, /etc/MailScanner/filename.rules.conf, is the one that ships with MailScanner (with or without sitewide modifications). The other file(s) contain domain/user specific directives.

For example, one of our clients asked us to block ALL zip files, so the custom ruleset contained one minor, but important, difference:

    deny \.zip$ - -

If you have been "hacking" MailScanner for a while you will know that you can specify rules to apply to an entire domain:

    *@domain.tld

or a specific user:

    user@domain.tld

You could also do it using something like:

    From user1@domain.tld and To user2@domain.tld

The README is helpful:

As you can see, each rule has 3 fields:
1. Direction (or "Virus:")
2. Pattern to match
3. Result value (or values)

or 6 fields:
1. Direction 1 (or "Virus:")
2. Pattern to match
3. The literal word "and"
4. Direction 2 (or "Virus:")
5. Pattern to match
6. Result value (or values)

Your mileage may vary :)
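A simplified model of the lookup described above, as an added example (not MailScanner's own code): it picks the filename rules file for a message from the ruleset, then applies the first matching filename rule. Everything except the ruleset lines and the deny \.zip$ rule is constructed for illustration; treating "default" as a fallback wherever it appears and matching filenames case-insensitively are assumptions of the model.

```python
import fnmatch
import re

# Constructed copy of the ruleset file shown in the article.
RULESET = """\
FromOrTo: default /etc/MailScanner/filename.rules.conf
FromOrTo: *@domain1.ie /etc/MailScanner/filename.rules.domain1.conf
FromOrTo: *@domain2.com /etc/MailScanner/filename.rules.domain2.conf
"""

# Constructed filename rules (action, regex, log text, user text; tab-separated).
# Only the "deny \.zip$" line for domain1 comes from the article.
BASE = "deny\t\\.exe$\t-\t-\nallow\t.*\t-\t-\n"
RULE_FILES = {
    "/etc/MailScanner/filename.rules.conf": BASE,
    "/etc/MailScanner/filename.rules.domain1.conf": "deny\t\\.zip$\t-\t-\n" + BASE,
    "/etc/MailScanner/filename.rules.domain2.conf": BASE,
}


def parse_ruleset(text):
    """Split a ruleset into its default value and its address rules."""
    default, rules = None, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        direction, pattern, value = line.split(None, 2)
        if pattern.lower() == "default":
            default = value  # assumption: fallback wherever it appears
        else:
            rules.append((direction.rstrip(":").lower(), pattern.lower(), value))
    return default, rules


def pick_rules_file(sender, recipients):
    """Return the rules file of the first address rule that matches."""
    default, rules = parse_ruleset(RULESET)
    for direction, glob, value in rules:
        addrs = []
        if direction in ("from", "fromorto"):
            addrs.append(sender.lower())
        if direction in ("to", "fromorto"):
            addrs.extend(r.lower() for r in recipients)
        if any(fnmatch.fnmatchcase(a, glob) for a in addrs):
            return value
    return default


def check_attachment(rules_text, filename):
    """Return the action of the first filename rule whose regex matches."""
    for line in rules_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        action, regex = line.split("\t")[:2]
        # Assumption: patterns are matched case-insensitively.
        if re.search(regex, filename, re.IGNORECASE):
            return action
    return "allow"  # no rule matched in this model


def verdict(sender, recipients, filename):
    path = pick_rules_file(sender, recipients)
    return path, check_attachment(RULE_FILES[path], filename)


if __name__ == "__main__":
    for rcpt, name in [("bob@domain1.ie", "report.ZIP"),
                       ("carol@domain2.com", "report.zip"),
                       ("dave@example.net", "setup.exe")]:
        print(rcpt, name, verdict("alice@example.org", [rcpt], name))
```

In this model a message addressed to both domain1.ie and domain2.com gets the domain1 file, because its line comes first in the ruleset.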
There has been a lot of commotion in technical circles in the past week following on Microsoft's announcement that it was implementing Sender ID for hotmail. Microsoft's original plans for sender ID seemed to be quashed when the Open Source community, most notably the Apache Software Foundation, made it clear that they did not support Microsoft's implementation. The original MS version of sender ID seems to have fallen by the wayside to be replaced by SPF, which I mentioned a few months ago.

What is causing some confusion is Microsoft's insistence on referring to it as "sender ID", while all the documentation on their site points back to the SPF homepage. Is there any difference? It would seem not.

In the last week a number of our clients who hadn't already published SPF for their domains did so and we are now publishing a basic set for our primary domain.

Should we applaud Microsoft? I think not. A more responsible attitude would have been to allow people a bit more time to prepare their DNS. Having said that, SPF records are not particularly complicated, but they still require some thought to set up. If you are only sending mail from one mailserver and never from any other and do not outsource any services to 3rd parties that may send email on your behalf, then an SPF record could be very simple.

Have a look at the one from aol.com:

    aol.com. 300 IN TXT "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
    aol.com. 300 IN TXT "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"

It's not overly complex, but if you compare it to mine for this domain:

    mneylon.com. 900 IN TXT "v=spf1 a a:tristan.blacknight.ie -all"

you can see that they have had to take into account more complex factors.

Microsoft.com, on the other hand, is being "clever":

    microsoft.com. 3600 IN TXT "v=spf1 mx redirect=_spf.microsoft.com"

They are actually sending you off to check against _spf.microsoft.com, which has:

    _spf.microsoft.com. 3600 IN TXT "v=spf1 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 ip4:131.107.3.116 ip4:131.107.3.117 ip4:131.107.3.100 ip4:131.107.3.108 a:delivery.pens.microsoft.com a:mh.microsoft.m0.net mx:microsoft.com ?all"

Even their SPF record might not be entirely comprehensive. Microsoft have been known to outsource some mailing lists to 3rd parties, so why aren't they mentioned?

So what of Irish business? Who is publishing SPF? Newsweaver isn't, Techcentral.ie seem to be oblivious to it, as are ENN, and those are just a small selection of email sources that I receive mail from regularly. DirectSki.com are publishing SPF, but they seem to be in the minority. What's even more amusing is that one of our competitors who fancy themselves as providers of antispam haven't even bothered to do it.

Will this mean that they'll all be rushing to rectify the situation over the next few weeks or will they remain in blissful ignorance? I guess we'll have to wait and see, but with SPF being adopted by some of the largest free email providers it is only a matter of time before the rest of the world is forced to follow suit.
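How a receiving server would walk the mneylon.com and microsoft.com records quoted above, as an added example that is not part of the original post: mechanisms are tried left to right, the first match decides the result, and redirect= is followed only when nothing matched. The TXT strings are the ones from the post; the A and MX answers, the host mail.microsoft.example and the function names are constructed, and only the ip4, a, mx and all mechanisms are modelled.

```python
import ipaddress

# TXT records as quoted in the post.
TXT = {
    "mneylon.com": "v=spf1 a a:tristan.blacknight.ie -all",
    "microsoft.com": "v=spf1 mx redirect=_spf.microsoft.com",
    "_spf.microsoft.com": (
        "v=spf1 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 "
        "ip4:207.46.50.82 ip4:131.107.3.116 ip4:131.107.3.117 ip4:131.107.3.100 "
        "ip4:131.107.3.108 a:delivery.pens.microsoft.com a:mh.microsoft.m0.net "
        "mx:microsoft.com ?all"
    ),
}

# Constructed A and MX answers (documentation addresses, not the real hosts).
A = {
    "mneylon.com": ["192.0.2.10"],
    "tristan.blacknight.ie": ["192.0.2.25"],
    "mail.microsoft.example": ["198.51.100.7"],
}
MX = {"microsoft.com": ["mail.microsoft.example"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def hosts_for(kind, domain):
    """Addresses behind an 'a' or 'mx' mechanism, from the tables above."""
    names = MX.get(domain, []) if kind == "mx" else [domain]
    return [ipaddress.ip_address(ip) for n in names for ip in A.get(n, [])]


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record published for `domain` against sender `ip`."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # guard against redirect loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):
            matched = addr in hosts_for(mech, arg or domain)
        else:
            matched = False  # ptr, include, exists: outside this example
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        result = check_host(ip, redirect, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.25", "mneylon.com"), ("203.0.113.9", "mneylon.com"),
                    ("131.107.3.116", "microsoft.com"), ("203.0.113.9", "microsoft.com")]:
        print(ip, dom, check_host(ip, dom))
```

The same unlisted address gets "fail" from the record ending in -all and only "neutral" from the one ending in ?all, which is the practical difference between the two policies.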
A couple of months ago the IEDR released a list of deleted domains. So how is the "after market" faring? Are the domains being "snapped up" as quickly as their availability is made known? It's hard to say unless you check the list on a regular basis, however it does seem to be turning up some gems. The list today, for example, included gems such as:
  • dvdrental.ie
  • babyshop.ie
  • companyshop.ie
  • flatfinder.ie
  • Hairdressers.ie
  • video.ie
If these domains have been left expire it shows just how little a good domain name really means if it isn't backed by something more. Or does it? What happens with these domains when they are registered again? Does Google sandbox them? Should the IEDR be looking at offering these domains at a premium rate? Or should there be some kind of web service for resellers to inform their clients of "hot" deletions? Idle speculation? Maybe not entirely. The recent debate about personal domains here demonstrates that some people are interested in the subject :)
So Google launched site targeting a few days ago. I have both an adwords and an adsense account with Google, or more precisely, the company has one of each and I have an adsense account as well :)

From an advertiser's perspective I would have thought that selecting a range of sites would have led to impressions clocking up, but I was obviously wrong. With the standard adwords you are given an indication of where your ad will appear in relation to the amount you bid on the keyword or phrase, whereas with the CPM model you don't seem to have that option. Some kind of "bid X to get Y impressions on somesite.tld" would be helpful. Maybe this kind of functionality is going to be added at a later stage.

The flipside to this is adsense. How will earnings be affected by the new payment model? If advertisers were previously paying for clicks does this mean that now publishers will be paid for impressions? There doesn't seem to be any mention of it in the adsense help docs. Am I missing something?

Personal IE domains?

Would people be interested in registering personal IE domains if there was a special subdomain for it, e.g. name.ie or ainm.ie (or some other semantically logical derivative)?

We get requests for IE domains every single day. In most cases they are from either registered businesses or similar, but we are seeing an increasing demand for personal domains. Unfortunately the IEDR's naming policies do not allow you to register something like micheleneylon.ie unless your business or activity is known by that name. So, for example, a published author can register their name, as can a politician or other public figure, however a private citizen cannot. This does lead to issues, as people look at other cctlds, such as co.uk, and see that they can register whatever they want, whereas with .ie they are more restricted by the naming schema and are reduced to registering mjn1.ie or similar if they don't register a business name with the CRO.

I can understand the IEDR's current rules in most instances, however maybe it is time that they introduced a new "section". Other countries have designated part of the namespace for specific areas, so .ac.uk is reserved for academic institutions and various other "areas" exist within other national registries. To date the Irish namespace has been flat. There is no differentiation between private businesses, government departments, education or personal space. Would a change be of benefit or would it merely cause more problems than it solved?

The IEDR is not the organisation it used to be. Earlier this year they reported profits, while they also made a move towards creating some form of "after market" in "secondhand" domains. From a technical perspective there have been some significant changes, although most of them would not be visible to the end user but would be of great interest to companies such as ourselves that register domains on behalf of our clients.

Of course one of the obvious arguments against a move like this would be the current size of the cctld. I stress current, as a move like this could help to grow it significantly. However, for that to happen, these domains could not be priced at the existing level, which varies from €40 to over €100, depending on the reseller. If an individual could get their own domain for a price similar to that of a .com it would surely be attractive, however the IEDR may be able to argue against that pricing also.

On what grounds, you may ask? Well, the IEDR is not like .com. It is not a fully automated system. Each and every registration and modification request has to be manually reviewed by the IEDR staff, who work from Monday to Friday. If you want to make a simple DNS change on a Friday evening, for example, you will have to wait until the following Monday morning before it can be enacted.

What can be done to address this situation? The obvious answer would be to introduce a greater level of automation. If, for example, a system similar to Nominet's automaton was put in place then requests could be processed almost automatically. Needless to say there would have to be some level of verification, but surely a DNS change does not require a hostmaster's intervention? Surely the onus lies on the reseller or their client to know if they have set up their DNS correctly or not, as it will not be processed until it passes the DNS check in either case.

More blog tweaks

This seems to be the week for tweaking my blog :) Two new plugins I found whilst browsing have now been installed.

One of them is only viewable by the site admin (me) and changes the admin interface entirely. WP Tiger only works with CSS2 capable browsers and downgrades automatically for CSS challenged browsers such as IE 6.

The other one is for the actual RSS feeds. Feedburner can do all sorts of interesting things with a blog feed, so integrating it smoothly with wordpress was something I wanted to do. Fortunately there is a nice little plugin that does just that. The only thing on my end that needed changing was my .htaccess.

Judging by the issues I had been having I think my .htaccess was in serious need of an update :) Wordpress was able to regenerate it correctly within a couple of seconds, so now all my plugins work properly AND I've fixed the annoying issue with the older posts vanishing into the ether. Yay!

Blog Enhancements

I decided to make a few enhancements to my blog this evening. I was meant to be doing something more productive, but I got sidetracked playing with Wordpress :)

This site can be a bit sluggish at times due to the number of MySQL queries running (executing) at any given time, so Niall suggested that I should cache it. I finally got round to doing so this evening. WP-Cache basically stores a copy of the files on the system, so they don't need to be compiled each time they are requested. It would obviously benefit a site with more traffic than this one, but I'm getting a bit tired of the random MySQL restarts that I've become accustomed to executing.

I also added another minor Amazon hack. It needs some tweaking to get it working with the current release of WP and I'm not 100% happy with the way it's displaying. I also installed a contact form and the "subscribe to comments" plugin.

tv3.ie defaced

Bernard spotted this: [image: tv3 defacement top]

The bottom of the screen shows this: [image: tv3 defacement bottom]

Planet of the Blogs now have a ping service available at:

    http://www.planetoftheblogs.com/xml-rpc.php

You can update your blog options to send a pingback to the URL with every post. In Wordpress go to:

    http://yourdomain/blogpath/wp-admin/options-writing.php

(edit URL to fit your setup) and add a line to point to them: [image: planet of the blogs ping]

Adventures with Typo3

Typo3 is an advanced CMS system based on PHP and MySQL. I decided to give typo3 a go for a new site I'm messing about with in my free time. I needed something that could manage the content easily without looking like phpnuke with its ugly urls and box-like layout, so typo was the obvious choice.

The powerful options available in terms of content management are worth the effort, but you have to be prepared for its learning curve. It's not simply a matter of grabbing the files, uploading them and publishing. The initial setup and configuration via the install tool takes a good half hour to complete, as you have to edit a wide range of options and paths before you can begin using it.

Unlike some open source projects typo doesn't come with a lot of documentation, at least not in English, so using an example site as a starting point can make things marginally easier. Tom from 2BScene uses it widely and our current site uses it as the backend, so I've been picking his brain over the last few days. There is a wide range of extensions available via the online repository, so spending a bit of time exploring the options can pay dividends.

New Browser check site

Sitevista is currently beta testing and I was lucky enough to get an invite. You can test your site against a wide range of browsers, resolutions and colour depths. Very handy! More information here

I would have thought that accessibility would have been a primary concern of any sites run by Government departments, however the CRO's "security" feature on the company search form seems to make a complete mockery of that. I am a normal sighted person. I do wear glasses, but I am far from blind. However, I have serious issues making out what the security code is on the CRO site at times. How would someone with bad eyesight or a serious ailment handle it?

It would be interesting to see how many high profile sites are actually accessible. I'm not saying that all sites have to comply fully with the w3c accessibility guidelines, but some sites are even impossible to navigate using a normal browser as their authors seem to think that only Windows and IE5+ exist (i.e. ActiveX junk).

Related stuff:
http://eaccess.rince.ie/talks/2003/braillenet-29-Apr-2003/
http://eaccess.rince.ie/white-papers/2002/warp-2002-00/

SpamAssassin 3.0.4 released

An updated version of SA was released earlier today. There are some bug fixes plus the addition of the SURBL JP DNSBL. Download it from your local mirror.

Google aids indexing?

Google has released a new tool/project to aid in the indexing of sites. According to one of their engineers:

"It's a beta "ecosystem" that may help webmasters with two current challenges: keeping Google informed about all of your new web pages or updates, and increasing the coverage of your web pages in the Google index."

They're calling it Google Sitemap Protocol (GSP) :)

The project is hosted on sourceforge and is open source (under a creative commons license), using Python for the generation of the actual xml files etc. that are required. More information is available on the Google help pages and there is also an interview over on Danny Sullivan's blog which goes into it in some depth.

It's an interesting idea and I'd be interested in experimenting with it. It certainly does have some interesting features:

" 'accesslog' nodes tell the script to scan Apache-style webserver log files to extract URLs on your site."

So it will learn about pages on your site from your access logs. Interesting, but what about the pages nobody ever visits? It also has a new take on the robots exclusion:

Filters specify wild-card patterns that the script compares against all URLs it finds. Filters can be used to exclude certain URLs from your Sitemap, for instance if you have hidden content that you hope the search engines don't find.

So you can basically exclude pages from the sitemap. The configuration file and the sitemap it produces are XML and the actual definition can be seen at:

http://www.google.com/schemas/sitemap/0.84/siteindex.xsd

You basically set up your configuration file to reflect your site and then get the python script to generate the actual sitemap for you and "ping" Google with the updated information.

As it's open source there's nothing to stop you from hacking it to death and getting it to do the same thing for another spider. Or, if webmasters could agree on a common location for the outputted file, there would be nothing stopping other spiders, such as Slurp, from grabbing info from the XML. It holds a wealth of possibilities as it uses an open standard.

And if you're using Wordpress there's already a plugin available (which I've already installed)! Don't forget to submit the map at: https://www.google.com/webmasters/sitemaps/

Debian Sarge Released

Well, all the waiting is over. The latest stable version of Debian, codenamed Sarge, has finally been released: http://ftp.debian.org/dists/stable/Release - read the version info at the top of the file (nicely spotted davew).

There's a couple of mentions over on Planet Debian, but nothing major. I updated my apt sources last week in preparation for the final release, so that's this server sorted (I guess).

Update: the official release announcement has been posted.

New URI blacklists

URIBL has recently launched with four new blacklists of URIs. The criteria are similar to those used by SURBL. There are four lists currently available:
  • black.uribl.com - Which is an aggressive list of known spammers. With a goal of zero False Positives.
  • grey.uribl.com - Which lists people who spam and have legitimate uses. This will cause False Positives for some depending on your definition of SPAM.
  • red.uribl.com - Experimental list for new domain registrations and mass moves between registries that are defined as spam supporters or facilitators. Use at your own risk.
  • multi.uribl.com - Which checks to see if a domain is on any of the lists.
I added them to our filters last week and the results so far have been very good. Instructions on integrating them with your existing SpamAssassin setup may be found here. There is also an easy to use submission form where you can report either URIs or full spam examples with the URIs.

Today I discovered that Comodo had launched a "wonderful" new anti-spam product. It's great! It will stop all spam effectively. It will also stop any effective communication via email in the process, but surely that is a small price to pay for keeping your inbox clean? I think not.

I tried to send a business email to them today but got this really "helpful" message back from them:

Hi, this is XXXX. Your recent email has been delivered to my computer, but because you're not yet in my trusted senders list, it hasn't been placed in my inbox. To get added to my trusted senders list, please reply to this message with my AntiSpam passcode. Here's all you have to do:
1. Press Reply
2. In the body of the reply, type in my AntiSpam Passcode:
3. Press Send.
When I receive this reply, I will know that it was really you that sent me the email and not a computerized spammer. I will then be able to read all your mail. This authentication will be done only once. Thank you & have a great day, XXXX

Easy? Let's have a look at what I got in my inbox: [image: Comodo spam]

Note the total lack of an image or code of any kind. What does this mean? Well, basically it means that the idiot is "protecting" his inbox with a defective tool. I don't care if it's a transient bug in their software or whether pigs fly. Due to their stupidity my email has not reached the intended recipient, so if I was trying to place an order, i.e. spend money with them, then they have lost the transaction. Brilliant, isn't it?

I've never been in favour of CR (challenge response) as a method to "fight" spam, as it breaks the entire communication stream. There are plenty of ways that you can block spam and still maintain your business relationships safely. The Comodo method is obviously not one of them. I would love to know what they were thinking when they decided to "protect" their inboxes using it. Maybe they'll learn or maybe they'll lose business as a result of their stupidity.

About this Archive

This page is an archive of entries in the Techie :: Techno :: category from June 2005.
