sysadmin

Vendor-specific e-mails to fight spam

by Michael Alderete on 4/13/2003

Managing your own e-mail server is a pain in the ass. There’s no two ways about it: when you want to take control of your own network infrastructure, you increase the complexity of the systems you manage, and you greatly increase the consequences of screw-ups.

For example, when I was using aggressive RBL blocking, it was bouncing e-mail I actually wanted to receive, in addition to some spam. A different anti-spam tool was causing occasional, apparently random errors, which resulted in some e-mail messages being dropped on the floor. And back in September, when Rochelle and I were in France and the e-mail server died, we lost about two weeks of e-mail.

So if it’s hard work, and screw-ups mean you lose important messages, why would anyone want to run their own e-mail server? For me, it’s all about spam and viruses. I have a great many more strategies available for dealing with unsolicited commercial e-mail (spam) and for protecting us from e-mail-borne viruses. Since I get about 200 spam messages every day, this matters a lot to me.

One of the tactics I use is to create vendor-specific e-mail addresses, and then expire them when they start generating spam. Here’s how it works. When I register at a new web site, say, www.bigcommerce.com, I give them the e-mail address bigcommerce@alderete.com, which will be an “alias” for my actual e-mail address. This lets me receive mail from the vendor, but tagged in a way that’s traceable to them. When e-mail arrives at that address, I know it’s www.bigcommerce.com that generated it, or that sold my address to spammers.

And that happens surprisingly often, especially with dot.bombs that went out of business and sold all their assets, including their customer lists, to whoever wanted to buy them. The biggest offenders in my Inbox have been myspace.com and techies.com.

When the amount of spam going to a vendor-specific e-mail address gets to be too much, or if I know they’ve gone out of business, I will “expire” the address. This is done by setting the alias to bounce when someone tries to send messages to it. For folks who want the technical details, I add an entry like the following to sendmail’s virtusertable file:

techies@alderete.com error:nouser 550 No such user here

This trick is only possible if you own your own Internet domain name, e.g., alderete.com, and have complete control over the e-mail aliases for your domain, usually by running your own e-mail server. (Some hosting services will let you do stuff like this, but most of them don’t give you full access to your aliases files.)
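
The alias lifecycle described above, as an added example that is not the author's own tooling: shell functions that add a vendor-specific entry to a virtusertable source file and later swap its target for the error entry shown in the post. The function names, the scratch file and the "localuser" target are assumptions, and the sample entries are constructed.

```shell
# Added example (not the author's scripts): manage vendor-specific aliases in a
# sendmail virtusertable source file. Function names are assumptions.
EXPIRED_RHS='error:nouser 550 No such user here'   # right-hand side from the post

# add_vendor_alias FILE ADDRESS TARGET: append an entry unless ADDRESS has one.
add_vendor_alias() {
    file=$1; addr=$2; target=$3
    touch "$file" || return 1
    if awk -v a="$addr" 'tolower($1) == tolower(a) { f = 1 } END { exit !f }' "$file"; then
        echo "entry for $addr already exists" >&2
        return 1
    fi
    printf '%s\t%s\n' "$addr" "$target" >> "$file"
}

# expire_vendor_alias FILE ADDRESS: swap the target for the error entry.
expire_vendor_alias() {
    file=$1; addr=$2
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if awk -v a="$addr" -v rhs="$EXPIRED_RHS" '
            tolower($1) == tolower(a) { print $1 "\t" rhs; hit = 1; next }
            { print }
            END { exit !hit }' "$file" > "$tmp"
    then
        cat "$tmp" > "$file"      # overwrite in place to keep owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "no entry for $addr" >&2
        return 1
    fi
}

# list_expired FILE: print every address whose target is an error: entry.
list_expired() {
    awk '$1 !~ /^#/ && $2 ~ /^error:/ { print $1 }' "$1"
}

# Constructed demo on a scratch file; the real file is usually
# /etc/mail/virtusertable, rebuilt after each edit with:
#   makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
demo=$(mktemp)
add_vendor_alias "$demo" bigcommerce@alderete.com localuser
add_vendor_alias "$demo" techies@alderete.com localuser
expire_vendor_alias "$demo" techies@alderete.com
list_expired "$demo"
rm -f "$demo"
```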

I’m still evolving my strategies to combat spam. With almost 1500 offensive messages being sent to me each week, I have to have pretty sophisticated filters. What I have today works fairly well, but could be even better. I’ll surely post when I add new techniques or tools. But no matter what I add, vendor-specific expiring addresses will continue to be a useful and important part of my anti-spam system.

DHI 58-63

by Michael Alderete on 3/9/2003

DHI 58: I discovered that in the move to aldoblog.com, I didn’t update the URL in the RSS file that this site provides for syndication use. Fixing that turned out to be a bit more work than I expected, but while I was in editing the site files, I changed the e-mail address to something disposable, so that at the end of the year I can change it, and so hopefully slow down some of the spam.

DHI 59: A security hole in Sendmail was discovered this week. Since I haven’t gotten around to learning and setting up Postfix, I’m using Sendmail for my e-mail server, which means I needed to patch and restart my e-mail server. Done.

DHI 60: Rochelle’s flat panel display came today, and I set it up. That’s more work than it sounds, since her old monitor had to be removed, and it weighs about 70 pounds, and all the cables needed to be swapped, since she was changing from standard VGA to DVI, a digital signal. Anyway, she likes it.

DHI 61: A friend alerted me to the fact that the e-mail address for this weblog was bouncing. In fact, every address at the aldoblog.com domain was bouncing. Fixed.

DHI 62: Spray-painted over some graffiti on the front of our house. If you don’t paint over it quickly, you get a lot more of it, as the taggers realize that (a) you’re offering them a canvas, and (b) some other asshole painted on their canvas, and they need to re-tag to own it back.

DHI 63: One word: Taxes.

And yes, this leaves me short one DHI for the week. Rochelle ate half my day today, and college basketball ate the other half. With the tournament action coming later this week, and March Madness shortly thereafter, it’s likely that my DHIs for March will be woefully inadequate, unless I’m allowed to count “removed some popcorn from the house today” and “removed much beer from the house today” as DHIs…

DHI 51-54

by Michael Alderete on 2/27/2003

DHI 51: We ordered a new LCD display for Rochelle’s PC, but to make the most of it, you need to connect it to a digital video interface on the graphics card. Rochelle’s existing graphics card was too old to have even heard of DVI, so I bought her a new one off of eBay. It came today (before the new display!), and I installed it in her PC. So now she can use her computer in 800×600 pixels, at 16 colors (that’s colors, not bits), and 60Hz refresh rate.

In other words, it currently sucks to be using the new card. I am trying to download the correct drivers from the ATI Technologies web site, but they’re totally fucked up, and every download link gives the same two-word error message: “Not Found”. Not helpful. Not impressed. ATI sucks. (For now, anyway.)

DHI 52: More computer work for Rochelle, installing Quicken 2003 onto her system. Another DHI will surely be getting together this weekend to work on initial configuration of our accounts, especially for online access and automatic downloading of information.

DHI 53: I reattached the smoke detector to the wall. We had detached it for the paint stripping work, because the heat gun kept setting off the alarm. We’ve been done with the paint stripping for weeks, but only this morning remembered we’d detached the detector. Oops.

DHI 54: I made a contribution to fund ads advocating inspections over war. If I help improve our country, my little corner of it will be better, too.

I’m not done with the week, yet, but wanted to post the link to MoveOn.org earlier, in case you wanted to help fund those ads, too.

DHI 44-50

by Michael Alderete on 2/23/2003

DHI 44: I moved a few dozen books from other bookcases to the new shelves in the water closet. We’ve decided on themes for two of our three shelves, but neither theme completely fills its shelf, so there will need to be some rethinking done.

DHI 45: I connected the TiVo and the VCR, so that we can transfer shows off of the TiVo to tape, for long term storage. Strictly for personal use, of course.

DHI 46: I paid $300 to the MasterCard, which sounds like a daily chore, except we just transferred all bill-paying responsibilities to Rochelle, and that $300 will completely pay off our credit card, leaving us with no non-real estate debt for the first time since our wedding/honeymoon/bathroom remodel (which was followed closely by the stock options fiasco/stock market meltdown, which was followed by 3 months of unemployment each). Now that’s a home improvement!

DHI 47: I finished moving this weblog to aldoblog.com, moving the appropriate files from one location to another, and setting up some redirects in Apache to make links to the old site continue to work. In the process I discovered I had not completed the DNS configuration for the aldoblog.com domain, so I finished doing that, too.

DHI 48: I collected more books to move into the water closet, this time all of our travel books. I found a couple more SF and food books to move, too.

DHI 49: I stripped off an old photo that had fused to our front window, cleaned with Windex, and then scraped off the glue residue and the accumulated grime of 11 years on Haight Street with a razor blade. The front windows are now about 90% more clear — I can’t wait until tomorrow afternoon when the sun is shining through them, and I can see the improvements the best!

DHI 50: After much research (scanning log files), and even more dithering, I turned off my server-side spam filtering software, because it is apparently occasionally dropping random messages. This basically undoes one of my prior DHIs, where I implemented the anti-spam measures. Which kinda sucks, but then, how often do you get every home improvement right the first time?

DHI 41-43

by Michael Alderete on 2/16/2003

DHI 41: I filled out my portion of the mortgage loan application we’re working on to refinance the house. The amount of money we get from lowering our interest rate is staggering (mortgage math is crazy!), but we regrettably have to plow it right back into the house.

You see, our house is more than 100 years old, and the foundation is original, and brick-and-mortar. A new foundation is going to be $75,000, a very scary number…but not as scary as having our house slide out into the street!

DHI 42: I finally got around to configuring aldoblog.com, so that this blog can move to a shorter domain name and URL. DNS now resolves (primary and secondary name servers), Apache recognizes it as a virtual host, and some initial redirects are in place to make the transition seamless. I still have some work to do, moving directories around, and setting up the real redirects, to move y’all over to the new location. That’ll have to come this weekend, though, when I can focus for a couple hours straight.

DHI 43: I coughed up $100 for our contractor when Rochelle was short of cash to pay him one evening.

The rest of my DHIs didn’t happen this week; I was too tired, or too lazy, or both. I plan to get back on track this coming week, but I haven’t yet decided what to do about the shortfall…

The power of Google?

by Michael Alderete on 2/2/2003

The DHI I spent the last few days working on was moving the data for this weblog from my desktop Mac to the main server. I was able to move the data easily enough, but when I tried to actually connect to the new server, I was getting an error message that the connection was lost during the query. When I looked on the server, I could see that for some reason MySQL (the data server for this weblog) was barfing and restarting every time I tried to connect.

So I tried what I usually try in cases like this: I searched for the error message in Google, and read through the postings and solutions on message boards and archived mailing lists until I found something that worked for me. Unfortunately, this not uncommon error message was reported via a web page on my server — as it would be by any web server using PHP to access MySQL which had a problem. Can you see where this is going?

Yes, indeed, there are thousands of web sites with fucked up configurations spewing the same damn error message. All being spidered by Google. And being returned in my results. Out of 500 or so search hits I reviewed for the error message (out of 7310 hits total), only two were actually not an error page, and of those, one was in Russian.

Grrr.

The fact that you can read this means that I solved the issue, but it took me the better part of two days to solve, and in the end, the only way to fix things I could figure out was to re-install MySQL from an official binary distribution, not my preferred way to install software on my FreeBSD server.