Thu, 30 Sep 2004

Search Hats

Don Park has an idea about wearing different hats while searching. [via John Battelle's Searchblog]

For example, if I search for 'Eclipse' while wearing the 'Software Developer' hat, I should get Eclipse IDE related links before links related to the astrophysical phenenomon. If even I was interested in the later, results I get back should be different depending on whether I am wearing a Physicist's hat or a Photographer's hat.

That example is rather silly, though. If you're searching for the Elipse IDE, obviously you can just search for eclipse ide or eclipse java development, and if you're searching for astronomical eclipses, you'd search for something like lunar eclipse.

What would be useful is an "I'm not shopping for anything" option. There are many sites that get in the way in Google's search results when you're trying to research certain consumer electronics, for example.

tech | Permanent Link

Sun, 19 Sep 2004

JavaHMO and Debian

JavaHMO is an application that allows you to use the Tivo Home Media Option on platforms other than Windows and OS X. (It works on those platforms, too.) The RedHat packages available on the SourceForge site install fine under Debian after being converted by alien, but the RedHat init script doesn't work, so I wrote an init script for Debian.

The init script runs JavaHMO as the javahmo user, so you must create the user before using it.
# adduser --system --home /usr/share/javaHMO --shell /bin/false --group javahmo

Update: I created a proper Debian package for JavaHMO that doesn't require using alien to convert the RPM.

tech | Permanent Link

Sat, 18 Sep 2004

Sender Address Verification in the Real World

I've been using sender address verification callbacks for a long time. It helps eliminate a lot of spam by checking if the sender's address is deliverable. Unfortunately, there are a number of systems that send mail with an invalid envelope sender. These are often generated by scripts on a web server where the sender defaults to the-apache-user@the.web.server.name. There are also a number of misconfigured mail server, mostly IMail installations, that do not accept messages with null senders. This not only prevents their users from receiving bounce messages, but also prevents sender address verification from working.

Up until yesterday, I've rejected messages at RCPT time that fail sender address verification. Trying to deal with the number of false positives for a significant number of users has proven to be too dificult. So I decided to continue using sender address verification, but incorporate the result into an overall SpamAssassin score.

Andrew, on the exim-users list provided a helpful Exim ACL snippet which I modified a bit and came up with the following:

acl_callout_test:
  warn set acl_m6 = TEMP
  accept verify = sender/callout=60s,random
    set acl_m6 = OK
  warn set acl_m6 = FAIL

acl_check_rcpt:
  warn acl = acl_callout_test
  warn message = X-Sender-Verification: $acl_m6

This adds an X-Sender-Verification header which I then check for in SpamAssassin.

header    POSTICA_SENDER_ADDRESS_FAIL   X-Sender-Verification =~ /FAIL/
describe  POSTICA_SENDER_ADDRESS_FAIL   Sender Address Verification Failure
score     POSTICA_SENDER_ADDRESS_FAIL   2.0

header    POSTICA_SENDER_ADDRESS_TEMPFAIL   X-Sender-Verification =~ /TEMP/
describe  POSTICA_SENDER_ADDRESS_TEMPFAIL   Sender Address Verification Temp Failure
score     POSTICA_SENDER_ADDRESS_TEMPFAIL   1.0

I may have to tweak the scores, but so far, it's working pretty well.

tech » mail | Permanent Link

Semis for Soccer Moms

Back in 1999, after the Lincoln Navigator was introduced, I joked, "Next year, people will be driving semis around town." Looks like I was only off by a few years.

MSNBC has a picture and details on the 14,500-pound behemoth.

But does anybody really need a vehicle that is nine feet tall, eight feet wide, 21 1/2 feet long and gets about seven miles on a gallon of diesel?

No.

"Anybody can lease a Hummer now for $500 a month. Soccer moms are driving them," he said. "This is not a soccer mom's vehicle."

We'll see about that.

culture | Permanent Link

Tue, 14 Sep 2004

Introduction to Mailgraph

Over at ONLamp, David Ky describes how to setup Mailgraph.

Mailgraph is a great tool for monitoring your mail servers. It generates graphs showing how many messages are passing through your servers as well as the number of spam and viruses blocked. Here's a sample graph:

David didn't mention that there are Debian packages for Mailgraph. I've also modified it to work with Exim log files. The Mailgraph for Exim packages are available from the Postica site.

tech » mail | Permanent Link

Sat, 11 Sep 2004

Beer Tastes Good

Apparently, it is now possible to inhale alcohol. I'm not sure why anyone would want to, though. I can't imagine going into a pub and having the bartender put down a pint of your favorite vaporized beer.

That sounds about as likely as someone listening to a crappy version of their favorite song on their mobile phone.

business | Permanent Link

Thu, 09 Sep 2004

Are All Web Browsers Broken?

According to Derek, hrefs such as <a href="https:/path"> should be valid and link to the same site using https as the protocol.
This doesn't work in Mozilla, which converts such links to https://path/, nor in links which interprets it as http://domain.tld/https:/path.
Interestingly, it does work in Mozilla if the link is the same protocol as you're currently using.

If it worked, it would make web development easier. You wouldn't have to use tokens in html templates for the server name to avoid hard coding in the production server's domain. I'm sure there are other's who've used output buffering hacks to rewrite relative links.

So, what's the deal? Are all web browsers broken?

tech | Permanent Link

Restricting Incoming Mail to MX Hosts using Sendmail

When using an external server or servers to filter your mail, you want to make sure that spammers and worms cannot bypass the filtering servers and deliver unsanitized messages directly to the destination mail server. In order to do this, the destination MTA must check the IP address of the server trying to deliver a message and verify that it is one of the allowed hosts.

If you only have one domain on your sendmail server, or all domains use the same filtering hosts, this is fairly easy to accomplish using either a firewall, TCP wrappers, or a number of not-so-elegant entries in your access table. If you host a number of domains, these methods may not be acceptable.

I have written some sendmail rules to restrict delivery on a per-domain basis. Groups of scanning hosts, known as a scangroup, can be setup and each domain can belong to one scangroup. If a domain does not belong to a scangroup, messages to that domain are accepted as usual.

Two new maps need to be created, scandomain and scanhost. The scandomain map lists each domain that uses a scangroup and scanhost lists the IP addresses of each host in a scan group. The left hand side is the domain and IP address, respectively, and the right hand side is the scangroup name for both maps.

The rules which reject unauthorized delivery are added to the Local_check_rcpt ruleset so the rejection occurs after each RCPT TO: command. Because the mail server may also be used for message submission by MUAs, it accepts messages from authenticated users and IPs explicitly allowed to relay in either the relay-domains file or access map.

To enable scangroups, add the contents of scangroups.mc to the bottom of your sendmail.mc and regenerate your sendmail.cf. Don't forget to run makemap after setting up your scandomain and scanhost files.

If you're looking for a service to filter spam and viruses from your mail before they get to your mail server, please check out Postica, which I developed.

Updated - 5/2/2005: I updated the ruleset to reject messages with a temporary failure so that mail doesn't accidentally get rejected if DNS is being changed, and still points directly at the destination server.

tech » mail | Permanent Link

Thu, 02 Sep 2004

How To Print a Book From Postscript

Here's how to print some documentation as a book. The goal was to print two pages per sheet double sided without having the luxury of a printer that supports duplex printing.

In this example, I'm printing about 50 pages (Chapter 5) from the sendmail documentation.

psselect -p34-85 op.ps | psbook | psnup -2 | pstops 2:-0 | lpr

So we use psselect to pick the pages we want to print. Then, we use psbook to rearrange the pages so they end up in the right order in the finished booklet. The psnup utility is used to to print two pages per sheet, and finally, pstops selects just the odd pages in reverse order.

In the second step, you feed the pages back through your printer using the manual feeder. On my printer, a LaserJet 1200, the manual feeder pulls page from the top, the same as the tray. That is why I used pstops to rearrange the pages. If your manual feed pulls from the bottom, you can print the odd pages in the normal order.

psselect -p34-85 op.ps | psbook | psnup -2 | psselect -o | lpr

Now, we just put the pages in the manual feeder and print the even pages.

psselect -p34-85 op.ps | psbook | psnup -2 | psselect -e | lpr

P.S (Ha!) I think pstops can do everything that psselect, psbook, and psnup do, but I didn't bother learning the syntax.

tech | Permanent Link

The state is that great fiction by which everyone tries to live at the expense of everyone else. - Frederic Bastiat