Information Technology - 4

Recently, on the SpamAssassin mailing list, someone was reporting that a newbie spammer seemed to have forgotten to replace variables with values. Someone else noted that the construction

might lead to weird and impossible IP addresses. Now, I really found that in my spam quarantine:

SpamAssassin is doing a good job on my site. It successfully protects my users’ mailboxes for some years now. However, during the last months spamming has increased significantly around the world. Luckily, only few spam is getting through, but a handful of spam mails a day is already too much for the pampered user. So I searched for current enhancements. So far I had only used Debian Etch’s standard spamassassin and amavisd-new packages.

I consider greylisting as a solution for days where I see no other choice. I can imagine my users being confused because they receive an expected mail not immediately. So I installed three enhancements for SpamAssassin:

• FuzzyOCR
• A botnet detector
• Rules against stock spam

The first one is available from Debian ‘unstable’, whereas the other two simply go into /etc/spamassassin. The SpamAssassin Rules Emporium provides a lot of other rules I haven’t tried yet.

The rules are already having some hits adding a lot to the spam score of messages. Here are examples from within 24 hours:

FUZZY_OCR=7.000 (twice), FUZZY_OCR=8.000, FUZZY_OCR=9.000 (5 times), FUZZY_OCR=10.000 (twice), BOTNET_OCNNEJP=5 (3 times), BOTNET_SHAWCABLE=5, SARE_STOCK_MSG_ID2=2.22 (5 times), SARE_GIF_ATTACH=0.75 (16 times), SARE_GIF_STOX=1.66 (6 times), SARE_PROLOSTOCK_SYM3=1.66 (8 times), SARE_MLH_Stock1=1.66 (12 times), SARE_RMML_Stock26=1.12, SARE_MLB_Stock1=1.66 (3 times), SARE_MLB_Stock3=0.794 (7 times), SARE_LWOILCO=0.388 (twice), SARE_LWSYMFMT=1.66, SARE_PROLOSTOCK_SYM4=2.66, SARE_PROLOSTOCK_SYM1=1.66, SARE_LWSHORTT=0.794.

So, it was worth the no effort. For those who wonder why there are only few hits, Postfix is already doing most of the job by rejecting bad connections.

Once again M$ do as if they had invented what already existed before. When I first saw Windows Vista on a PC, it reminded me of KDE.

Recently I wrote about a history of my cell phones and wondered whether I still own my very first cell phones. Yes I do! I took some pictures of my Philips Fizz and my Motorola StarTAC 75. Unfortunately, I don’t have any battery chargers anymore, so I couldn’t verify their function.

I successfully switched my hosting from my real-hardware machine ‘daemon’ to my new virtual-hardware machine ‘gauss’ which is hosted by HostEurope.de. After turning off the services on ‘daemon’ and doing a final sync, I started the services on ‘gauss’ and activated the TCP-forwarding on ‘daemon’ with rinetd. I forwarded FTP, HTTP(S) and IMAP(S) such that users could connect to the old IP where those connections got forwarded to the new IP. With this, the new host only saw connections originating from the old IP although they actually belonged to strangers. Therefore I didn’t also forward the SMTP-port directly, because in that case the realtime blacklisting would have failed.

So I configured Postfix to keep doing RBL lookups and SPAM and virus scanning, and to forward mails destined for the local domains to the new host. I did it this way:

We’re writing the year 1996. TV commercials start to add something like “www.companyname.com” at the bottom corners of the screen. Cell phones start to become popular. Some mates I met at the Austrian Federal Armed Forces used such things to phone with their girlfriends. As I didn’t have a girlfriend, I didn’t need a cell phone. It was the time when cell phones began to drop down from the managers to the rednecks, who carried them on their belts as if they were revolvers, always ready to draw.

It took me until October 1997 to receive my first one, due to opening a student’s account at a local bank. It was a Philips Fizz. I think I still have it somewhere at my parents, and it still should work, except for the display which has been broken by my brother. It was a cute thing. Philips seemed to have different designs which they didn’t distinguish. The antenna could be pulled out and the SIM-card had the size of a credit card. As I only had a prepaid card at that time, calls became rather expensive. I’m not quite sure if everyone was worth it.

I finally wanted to enable my users to relay mails via my own MTA, as it’s quite comfortable to be able to use the same outgoing mail server no matter what computing device you currently use or where you currently are. About three years ago there were no solutions enabling SMTP AUTH for Postfix without recompiling packages, so I had to wait until today where such features are now officially available within Debian. I found several HOWTOs about configuring SMTP AUTH with Postfix on Debian Woody or Debian Sarge, but things have changed (or will change, as Etch hasn’t been released yet). The Postfix version in Sarge is 2.1, whereas in Etch it’s 2.3. This is how I did it:

First, note that you don’t have to patch or (re-)compile anything. Etch’s Postfix package already supports TLS! First, I cared about configuring authentication with SASL, and after that I restricted authentication to TLS only. This makes debugging easier during the process. Because encryption already happens at the TLS-layer, I don’t need MD5 authentication and can stay PLAIN.

I’m planning to move my hosted domains to a virtual root-server. As more and more people are more and more relying on more and more services, I have to move the hardware-responsibility away from me. I don’t want to care anymore for breaking harddisks, aging CPUs or dying modems. I don’t want to care about network connection or power supply. I don’t want to hear my phone ringing because of such failures. I have better things to do than rushing out for new (old) hardware. I just want to care for the software. I’m interested in SPAM, not RAM.

Therefore I’ll finally move my server out of my house, maybe even out of my country. These are the possible candidates, in order of highest probability, all at a cost of about €15/month: HostEurope.de’s 15,000MB vServer, ARWeb.at’s 7,500MB vServer or Server4You.de’s 7,500MB vServer. As the first one offers a twice as high storage capacity than the others, it might be the one of choice. It even includes service monitoring. I want to set it up during January and migrate the services in February.