Archive for December, 2006

Quote of the week: December 25th, 2006

Monday, December 25th, 2006

I know plenty of people have said, “program carefully”, but that’s like saying, “Seatbelts are stupid. If we all just drove safely we wouldn’t need seatbelts or airbags or bumpers.”

Messagelabs spam filtering service SUCKS!

Thursday, December 21st, 2006

Upon attempting to send an email to someone at my place of employment, it got bounced. Here is the message I received:

xxx.xxx.xxx.xxx failed after I sent the message.
Remote host said: 553-Message filtered. Please see the FAQs section on spam
553-at http://www.messagelabs.com/support/ for more
553 information. (#5.7.1)

This is the third time I’ve seen messagelabs used as a 3rd-party spam filtering service by businesses, and it has blocked legit messages from both my domain and my former employer’s domain. So I decided to investigate a bit further and figure out why I’m being blocked this time.

First, let’s follow Messagelabs’ guidelines found here.

Let’s go down the checklist:

Ensure your mail server is not open relay – http://www.abuse.net/relay.html.

I entered my domain name here and my server passed this test just fine.

Check if your sending IP is on any black lists. A good place to check this is http://www.dnsstuff.com. This will be able to show any 3rd party lists that may have received spam from your mail server.

Next, I checked DNSstuff per their guidelines and there were two entries, both from SORBS.net, which stated:

Netblock: 75.21.160.0/19 (75.21.160.0-75.21.191.255)
Record Created: Wed Sep 13 05:17:29 2006 GMT
Record Updated: Wed Sep 13 05:17:29 2006 GMT
Additional Information: [SBC Supplied Dynamics List - 18/8/06] Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment.

So SORBS blocked a huge list of SBC customers from sending email if they decided to use their own server for sending email. Fine, this doesn’t affect me because I already use my ISP’s mail server for sending email. However, SBC doesn’t allow sending of mail anyway unless you configure your mail server just right and I don’t really feel like jumping through the hoops. This is to prevent virus-infected Windows machines from clogging the internet up with even more spam. So yes, I use my ISP’s SMTP server for sending mail from my domain, so this doesn’t affect me.

If your internet line is provided by DSL or Cable that shares IP’s with residential users, please ensure your mail server sends to your ISP’s smarthost instead of direct to the internet. This reduces the potential of your email as being mis-detected as coming from a Trojan infected home user machine.

Confirms what I have just stated – doesn’t affect me.

Ensure the email you are sending does not contain any spam content (ie. forwarded spam or ‘spamvertised’ URL’s).

I’ve sent emails to the same user with the same content and rarely with any URLs whatsoever. In fact, the email that got filtered only had one URL in it, but it’s been in my signature for years. My mail signature:

--
"How much time do we have?"
Linux user #309094
Machine IDs 195080, 243403, 243404
counter.li.org

Ensure your mail server is configured correctly.

I have run several tests on it including the tests from messagelabs and I’ve passed all tests with flying colors.

Ensure you have no virus infected machines on your network that are being used to send spam through your mail server.

I use Linux and have checked for rootkits for shits and giggles.

Ensure you have no exploitable web scripts on your web servers that could be abused to send spam. The most commonly used one is php contact scripts which spammers can easily abuse the php mail() function to send what they want.

I’ve tested all PHP scripts on my web site and I do not have any php mail() functions other than for registration of this blog. However, all outgoing mail for new registrations on this blog is approved by me first before being sent, so this is not an issue.

Make sure any ‘opt-in’ newsletters contain an ‘opt-out’ link to be certain users can easily unsubscribe.

I do not send out any newsletters, nor do I ever plan to.

Last, but not least:

What does “553-Message filtered” mean?
This means that your email has met certain characteristics which make it appear to be spam. Please refer to the above suggestions and try sending the email again. If the email continues to be rejected with the “553-Message filtered” message, please contact your recipient and request that they add you to their approved senders list.

For the record, I sent no attachments either. My message, verbatim:

Subject: Hi!

Just thought I'd drop you a line and say "hi". Hope you're having a good
day!

:)
--
"How much time do we have?"
Linux user #309094
Machine IDs 195080, 243403, 243404
counter.li.org

Now I seem to remember a few worms sending out email with the subject of “Hi!”, but have spam filters really become this strict or stupid? I sent the same message with the subject “Howdy” and it appears to have gone through just fine.

What really yanks my chain on stuff like this is the fact that companies even feel the need to use a 3rd party spam filtration service to begin with. If they’re using and maintaining their own mail server, then why not configure their own spam filtration system? It takes just a few minutes and doesn’t cost the company a dime. They’ll spend all sorts of time and money on securing their mail server and then the time and money on the initial system itself (*cough* Microsoft Exchange *cough*), and then not take a few minutes to set up the mail server or a second machine to do their own spam filtration. What gives? Look, I don’t know how much you’re spending on 3rd party spam filtration services, but here’s some free advice – stop doing it. It’s not secure by nature.

Here’s a free, easy solution that takes only a minimal amount of time to set up. Before the messages hit your email server, route them through a Linux mail server for filtration. Something like SpamAssassin with Postfix would do, or even just setting up Postfix to work as a spam filter on its own with the following configuration lines would work wonders (copy and paste if you’d like):

# Header pattern checks (the referenced file must exist)
header_checks = regexp:/etc/postfix/header_checks

smtpd_helo_required = yes
disable_vrfy_command = yes

address_verify_map = btree:/var/run/postfix_address_verify

# Answer these failed checks with 450 (temporary failure, sender retries)
non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450

# Evaluated in order; continuation lines must start with whitespace
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/recipient_access
    reject_unknown_recipient_domain
    reject_unknown_sender_domain
    reject_unknown_hostname
    reject_unknown_client
    reject_unverified_recipient
    reject_unverified_sender
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_rbl_client relays.ordb.org
    reject_rbl_client list.dsbl.org
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client combined.njabl.org
    reject_rbl_client bl.spamcop.net
    reject_rhsbl_sender dsn.rfc-ignorant.org
    reject_rhsbl_sender bogusmx.rfc-ignorant.org
    reject_rhsbl_client dsn.rfc-ignorant.org
    reject_rhsbl_client bogusmx.rfc-ignorant.org

Think to yourself how messagelabs likely filters spam. It appears that they’re using SORBS, a freely available spam database, for filtration and probably a few on the list above, so why not cut out the middleman and just do it yourself? They’re all free to use for anyone. Some are better than others, but shouldn’t you be the judge of which ones to use? I have found that SORBS is not the best choice for spam filtration both personally and through professional colleagues, but to each their own I suppose. At least then you have the ability of tweaking things, if necessary, to suit your business needs rather than leaving your business in the hands of others…who also may or may not be responsive to your business needs.

No monthly fees, no tweaking of rules, no fuss. Just config and forget. Wasn’t that easy?
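
What the reject_rbl_client lines above, and the blacklist check from the checklist, do underneath, as an added example that is not from the original post: the client IP's octets are reversed, the list's zone is appended, and an A record inside 127.0.0.0/8 means "listed". The address 75.21.170.5, the stub resolver and its answers are constructed so the script runs offline; leave out `resolve` to query real DNS.

```python
import ipaddress
import socket

# Netblock quoted in the SORBS record on this page.
SORBS_DYNAMIC_BLOCK = ipaddress.ip_network("75.21.160.0/19")
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reversed IPv4 octets + zone, e.g. 1.2.3.4 -> 4.3.2.1.zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A record for name, or None if it does not resolve (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_dnsbl(ip, zones, resolve=system_resolver):
    """Return {zone: answer} for each zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only 127.0.0.0/8 answers count; a parked or wildcarded zone
        # returning some other address must not be read as a listing.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            hits[zone] = answer
    return hits

def in_sorbs_dynamic_block(ip):
    """True if ip falls inside the netblock from the SORBS record."""
    return ipaddress.ip_address(ip) in SORBS_DYNAMIC_BLOCK

# Constructed answers for a constructed address; not real list data.
CONSTRUCTED_ANSWERS = {
    "5.170.21.75.bl.spamcop.net": "127.0.0.2",
    "5.170.21.75.sbl-xbl.spamhaus.org": "203.0.113.9",  # not in 127/8
}

def stub_resolver(name):
    return CONSTRUCTED_ANSWERS.get(name)

if __name__ == "__main__":
    zones = ["bl.spamcop.net", "sbl-xbl.spamhaus.org", "list.dsbl.org"]
    print(in_sorbs_dynamic_block("75.21.170.5"))
    print(check_dnsbl("75.21.170.5", zones, resolve=stub_resolver))
```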

Quote of the week: December 18th, 2006

Monday, December 18th, 2006

“Our goal can only be reached through a vehicle of a pain, in which we must fervently believe, and upon which we must vigorously act. There is no other route to success.” — Stephen A. Brennan

Keyloggers and Public Terminals

Friday, December 15th, 2006

Just a helpful tidbit for those that use public computers. When I’m on a public computer I always open up a notepad-like application and then type all the letters in the alphabet into it. After that, when I’m typing a password or something else sensitive, I’ll copy and paste individual letters into the password field. This stops keyloggers, makes you no longer “low-hanging fruit,” and should take care of any paranoia issues you might have as far as keyloggers go. Now you just need to worry about sniffers when there’s no encryption of your data across the wire 😉

Blaming things on “the real world”

Wednesday, December 13th, 2006

You don’t have to be young and inexperienced to be idealistic. Having high ideals and living up to them is harder when you are grown up and experience the real world, but it can be done. Only lazy and intellectually dishonest people do things that are morally/ethically/idealistically wrong and blame it on “the real world”.

To let America slide from a beacon of hope in the world to a distrusted mad dog because it’s too hard to do the right thing is frankly disgusting.

Or so I believe.

Quote of the week: December 11th, 2006

Monday, December 11th, 2006

“Religion is an attempt to get control over the sensory world, in which we are placed, by means of the wish-world which we have developed inside us as a result of biological and psychological necessities.” — Sigmund Freud

Quote of the week: December 4th, 2006

Monday, December 4th, 2006

The person who tries to live alone will not succeed as a human being. His heart withers if it does not answer another heart. His mind shrinks away if he hears only the echoes of his own thoughts and finds no other inspiration.

Linux vs. Windows facts

Sunday, December 3rd, 2006

Trying to get large companies to at least give Linux a shot is hard to do. Some have never heard of it, some are afraid of change (rightfully so in some cases), and some just don’t care to know anything other than Windows. All you can really do is give them the facts – and I don’t mean the Microsoft-funded “facts”.

According to top500.org, in 2005, 390 of the top 500 super-computers were using Linux. That means that 78% of super-computers run Linux. For instance, the world’s most powerful computer is IBM Blue Gene, and it uses Linux for its I/O nodes (more info here). Also, Google’s gigantic, powerful, and distributed search engine runs using over 60,000 Linux machines (more info here, here, and on Google’s Research page here). The fact that big, complicated, and highly successful operations use Linux shows what it can do. In the case of Google, it shows that they trust it to deliver the security they need.

You can urge them to get a second opinion. For instance, tell them to look over Secunia’s report on Windows XP compared to Ubuntu 5.10.

Ultimately, however, all you can do is provide them with an honest assessment of Linux’ strengths and weaknesses, and point out in what ways the media reports are wrong. If they respect your opinion, then they’ll make the right choice. If they refuse to listen to reason, then there is nothing you can do. People who are more interested in media sound-bites than expert discussion are essentially impossible to convince of anything they don’t already believe.

In other words, a conservative viewpoint with regards to technology is good, but it can lead to situations where the well-trodden path isn’t nearly as efficient as clearing a new one. As a wise man once said, ‘A foolish consistency is the hobgoblin of little minds.’