A couple of weeks ago, the SORBS spamtrap list picked up a few Hotmail and Gmail servers, and a Yahoo mailing list server. This led to me getting complaints that legitimate mail was bouncing. I’m all for letting the mail get blocked, because it’s the only way that large companies like Google and Microsoft will be forced to fix problems. Unfortunately, the end users don’t see it this way. They think that because Hotmail user A can’t get mail to our user B, it’s a problem with our system and we need to fix it, ignoring the fact that thousands of other ISPs who use the same RBL are also blocking mail from those people. Long story short, I was forced to remove the spamtrap RBL (by using all of the separate SORBS RBLs instead of the composite list) — the mail started flowing again and the complaints stopped.
This is leading to conversations on the general merit of RBLs, and whether or not we should use them, since using them allows someone else to control whether or not mail gets to our users. Of course, the people raising these questions do not have to listen to the end user complaints. People want all their mail and no spam, which of course is impossible.
Currently, between several different RBLs, we reject about 130,000 messages per day (~80% of the total daily mail volume) at the MTA level. If we turned them off, everybody would notice. No other spam filtering technique has done as much to reduce our spam overall as RBLs. Sure, we could throw a million content filters at it, but that takes a lot of horsepower to run, and probably would not be as effective. I put more stock in RBLs than I do in content filtering. The only legitimate alternative to using RBLs at the MTA level is using them in SpamAssassin, where they are ranked with scores based on the RBL’s reliability and such. However, performing the RBL checks in SpamAssassin also introduces a lot more delay in message delivery (and of course, if someone sends an e-mail and the other person doesn’t have it in less than a minute, people call and complain too!).
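The two ways of using RBLs described above, as an added example that is not from the post: a hard reject at the MTA for a list you trust, versus SpamAssassin-style weighted points for the rest, so that one list (here a stand-in for the spamtrap zone) can be demoted without dropping the others. Zone names, the policy table and the DNS answers are all constructed placeholders.

```python
import ipaddress

# Constructed policy (zone names are placeholders, not real DNSBL zones).
# "reject" lists are consulted at the MTA and block the connection outright;
# "score" lists only add points, the SpamAssassin-style weighting by
# how reliable each list has proven to be.
WEIGHTED_POLICY = {
    "spamtrap.rbl.example.invalid": {"action": "score", "points": 1.5},
    "relays.rbl.example.invalid":   {"action": "reject", "points": 4.0},
    "dynamic.rbl.example.invalid":  {"action": "score", "points": 2.0},
}
# Treating every list as a hard reject, like using one composite zone.
COMPOSITE_POLICY = {z: {"action": "reject", "points": 4.0} for z in WEIGHTED_POLICY}

# Constructed answers standing in for DNS: a 127.0.0.x record means "listed".
FAKE_DNS = {
    "4.3.2.203.relays.rbl.example.invalid": "127.0.0.2",
    "4.3.2.203.spamtrap.rbl.example.invalid": "127.0.0.6",
    "9.8.7.198.spamtrap.rbl.example.invalid": "127.0.0.6",
}

def rbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, then the zone appended."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone

def evaluate_sender(ip, policy, resolver=FAKE_DNS.get, threshold=5.0):
    """Return (verdict, score, hits): 'reject' = refuse at SMTP time,
    'flag' = over the scoring threshold, 'accept' otherwise."""
    score, hits, hard_reject = 0.0, [], False
    for zone, rule in policy.items():
        if resolver(rbl_query_name(ip, zone)) is None:
            continue  # NXDOMAIN: not listed in this zone
        hits.append(zone)
        score += rule["points"]
        hard_reject |= rule["action"] == "reject"
    if hard_reject:
        return "reject", score, hits
    return ("flag" if score >= threshold else "accept"), score, hits
```

With the weighted policy a sender listed only on the spamtrap zone is accepted with 1.5 points; with the composite policy the same sender is refused outright.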
Life would be so much easier if there was a secure and spam-resistant alternative to SMTP, but that won’t be happening anytime soon.
So it’s been quite some time since I posted anything, mainly because I’ve been rather busy on a project at work. It’s a fairly complex system that we used Ruby on Rails for. I had never used Rails before (or Ruby, for that matter!), but it was easy to pick up (I suppose having coded in a dozen languages or so at one time or another makes picking up new ones easier…). Rails really excels at taking care of the grunt work (db access/mapping especially) and lets you focus on what you’re trying to accomplish.
I did all of my coding using Eclipse, with Ruby Development Tools, Subclipse (for Subversion access), and most importantly the RadRails plugin. For the most part it was a good experience. There were a few times when renaming a file or performing miscellaneous actions that Eclipse locked up on me (at home and at work), but restarting Eclipse worked OK. The only feature missing that would have been nice is Rails debugging. It’s in the works in RadRails, but it’s a ways off.
More about Ruby on Rails can be found elsewhere.
I found the book Agile Web Development with Rails invaluable during the entire process. (Programming Ruby is another fine choice, too!)
Well, the long-awaited opening of Serenity (a movie based on the short-lived TV series Firefly) has come and gone. I saw it Friday night and it did not disappoint in the least. I was so excited about the movie that I accidentally left my card in the ATM while stopping for cash on the way there (whoops!). It was only playing at one theater in the entire region, so it was very packed, and you could tell most of the people were Firefly fans. I’ll spare the details of the movie, as they’ve been discussed in many other places. Suffice it to say that it will be immediately purchased on DVD, and watched a gazillion times. I wish that I could go see it again in the theater, but that isn’t really a possibility.
And now, for those who have seen the movie, a moment of silence for a leaf on the wind. [pause]
Try as I might, it seems I can’t get away from Windows as my primary desktop, both at work and at home. My Unix-like OS of choice is FreeBSD, and I use it on many servers as well as a couple of “pseudo desktop” systems (low-task servers that I can run X and a few apps on). I am going to start a page keeping track of all the “show stoppers” keeping me from running it as my primary desktop, and happily check off items as they are fixed.
Part of me would love to just take the plunge and go the full immersion route, but due to some work-related Windows-only issues, I don’t see that going as well as I’d like.
EDIT: Sep 08 2005 – I forgot a link to the page. It’s a work in progress…
So last night was the final episode of Six Feet Under ever, and I must say it ended quite well. I prefer it when a series has a planned ending. The creators knew there would be 5 seasons and planned it as such. No cliffhangers that could forever go unresolved, only a fitting conclusion. While I may miss the show, at least it was not cancelled before its time (nor did it cheat death and overstay its welcome!). I guess it’s rather appropriate for a show so centered on death to know how to make a graceful exit. The ending sequence was especially well done.
I hear Smallville is also only planned to be 5 seasons, making this the last one. I’ll miss that show too, but it’s somewhat more comforting to know in advance that it will be ending. If only Dead Like Me (or Wonderfalls, or Carnivale, or Eyes, or Firefly, or…) had been allowed to run its course, but that’s a rant for another time.
A little update on the spam I had been seeing recently.
After looking a little deeper, it must have been a single spammer using that tactic, and relaying the spam through a bunch of other hosts (likely compromised PCs, since many were cable modems). After a while, those particular faked Received: header styles were not showing up as often.
I’ve added a couple more RBLs and RHSBLs, updated SpamAssassin, and tweaked some default scores, and things seem to have gotten happier.
The number of rejections at the MTA level has held steady, but the overall volume has ebbed while the number of detections by SpamAssassin has increased. Result: less spam. For now.
Recently I was perplexed by the number of spam messages that were getting through my SpamAssassin setup. A coworker forwarded a couple of obvious spams the other day, and he was wondering too. So I decided to do a little digging. Out of a random sample of spam coming through when I checked, about 85% or more were using a particular tactic to try to bypass filters.
All of them had a faked Received: header at the “beginning” of the message’s path. The faked header matched up with the faked From: address as well. Of course this was not a big shock. I’ve seen faked headers before, but not on this scale and so similar. An unusual number of them were pushing stocks instead of pills, too.
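One way to catch the tactic described above, as an added example that is not from the post: only the Received: header our own MTA wrote can be trusted, so compare the host it actually accepted the connection from against the host the bottom-most (forged) hop claims. The MTA name, the sample messages and the host names are constructed for the example.

```python
import email
import email.utils
import re

# Assumed host name that our own MTA writes into the "by" clause of the
# Received: header it adds; only that header (and hops above it) is trusted.
OUR_MTA = "mx.ourdomain.invalid"

# Constructed sample, not from the post: the bottom-most Received: line is
# forged to match the forged From: domain, while the hop our MTA added shows
# the real connecting host (a cable-modem style name).
FORGED = (
    "Received: from cpe-10-20-30-40.cable.invalid (cpe-10-20-30-40.cable.invalid [10.20.30.40]) by mx.ourdomain.invalid with SMTP id 1; Mon, 22 Aug 2005 10:11:12 -0400\n"
    "Received: from mail.hotstock.invalid (mail.hotstock.invalid [192.0.2.10]) by cpe-10-20-30-40.cable.invalid with ESMTP id 2\n"
    "From: Market Alert <alerts@hotstock.invalid>\n"
    "Subject: constructed sample\n\nbody\n"
)
# Constructed legitimate message: the host that connected to us really is
# under the From: domain, so the check must not fire.
LEGIT = (
    "Received: from mail.hotstock.invalid (mail.hotstock.invalid [192.0.2.10]) by mx.ourdomain.invalid with ESMTP id 3\n"
    "From: Market Alert <alerts@hotstock.invalid>\n"
    "Subject: constructed sample\n\nbody\n"
)

def org_domain(host):
    """Crude last-two-labels domain; good enough for this heuristic."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def received_hops(msg):
    """List of (from_host, by_host) in header order, topmost (newest) first."""
    hops = []
    for hdr in msg.get_all("Received", []):
        m = re.search(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", hdr, re.S)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    return hops

def forged_origin(raw, our_mta=OUR_MTA):
    """True when the earliest (untrusted) hop claims a host under the From:
    domain, but the host that actually connected to our MTA is not."""
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    trusted = [h for h in hops if h[1] == our_mta]
    if len(hops) < 2 or not trusted:
        return False
    real_client = trusted[-1][0]   # trusted hop closest to the outside world
    claimed_origin = hops[-1][0]   # bottom-most hop, written by the sender
    from_dom = org_domain(email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    return org_domain(claimed_origin) == from_dom and org_domain(real_client) != from_dom
```

In SpamAssassin terms this is the kind of condition you would give a modest score rather than a hard reject, since forwarding services legitimately produce a similar shape.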
A while back, as an exercise to help learn Python, I wrote a script that removes temporary files in Windows (9x/Me/2k/XP/etc). It’s far from perfect, but it sure saves a lot of time compared to cleaning things out manually. If you’re feeling daring, give it a try: download tempcleaner. I’ll post the source once I get it cleaned up a little better, and put a blurb about it in the projects section.
I made a reference to it in the previous post I made about spyware removal.
So you’ve found yourself fighting a machine loaded to the gills with crap. Lucky you. Hopefully this helps make the job a little easier. I deal with spyware on pretty much a daily basis. I hate it. The only ones who like it are the ones making money off of it, and I don’t mean the poor techs stuck cleaning up the mess.
This article is geared more toward Windows XP/2k, though it can apply to earlier releases. Some of this may be useful to the home user, but it may be more helpful to those who have to work on many machines (for work, for family, for the neighborhood). I’m open to comments, I’d love it if someone would suggest better methods to accomplish any of the tasks I describe. I’d also appreciate hearing about other utilities that are used.
I noticed in the logs that some people were getting 404s or being redirected to pages that weren’t right, due to the site layout change. I added some redirects that should take care of that problem. If you got to this page expecting to see something else, try browsing the page links at the right, and let me know what’s broken.