Entries posted in August 2007

I gotta be cool relax, get hip

Thursday, 30 August 2007

Fighting Spam

Lots of people get spam and don't want to fight it themselves.

Many of those people elect to use a service such as Google Mail, which does an adequate job of filtering most of the time.

For people who wish to host their own mailservers, and off-load their anti-spam support to another entity, there are big companies such as MessageLabs.

But if you can't/won't pay for somebody else how would you handle it?

Right now I run my own mailserver and mostly it rocks.

However I also manage a couple of servers for other people, and this mostly means that I have identical configuration(s) scattered across other machines. (Or as I recently discovered "mostly identical" setups scattered across N hosts.)

After viewing a recent thread upon the forums of my employers I'm wondering how hard it would be to setup an anti-spam mail host.

The idea being that users of domain example.org would continue to run their own mailserver (+optional POP/IMAP server). However this server wouldn't be listed in an MX record.

Instead the MX record would point at the antispam server, which would then process and forward the mail on. (I'm assuming that the mailserver at example.org would be firewalled such that it would only accept SMTP connections from the anti-spam host).

The only challenges I see would be:

  • The anti-spam server knowing where to forward mail for domain X - since there would be no MX record. Maybe a A record 'incoming.example.org'; maybe a hardwired list.
  • Having enough resources on the anti-spam server.
  • The pain that would ensue if legitimate mail were dropped.

The last one is the killer point which makes me wonder if I'm wasting my time on the general case; I don't believe I could persuade people to pay for such a service (on the grounds that I wouldn't!) and if ever a mail were dropped I'd be the first person who would be blamed. And probably rightly so.

The simple solution would be to always accept mail - but just tag it. Then you still have the same issue, but you have the excuse that "I still delivered your mail; just tagged wrongly". The downside of that is that the recipient still has to filter the mail; and still eats the bandwidth cost. The main gain is the lack of spam-processing CPU that is eaten locally.

Anti-spam, and to a lesser extent anti-virus, topics are very interesting to me, and I'd love to hear any thoughts - or even what you use for yourself.

Right now I'm 50/50 on setting up my main mailserver as the proxy for a few domains I have to manage (family, friends) to see how it works, but I'm not quite convinced yet. (Single point of failure == bad. Though centralised configuration == good.)

| No comments

 

I'm on another world with you

Monday, 27 August 2007

So that'll be me engaged to the most beautiful girl in the world then.(*)

This explains where I've been, what I've been doing, and should suggest I'll be catching up on two-three weeks of work tomorrow.


[*] - OK you might disagree. I don't.

| No comments

 

Dio has rocked

Monday, 13 August 2007

Inspired by Joey's wiki compiler I've been toying with a blog compiler.

Very similar idea - you give it a directory of text files, and it creates a static blog complete with tagging support, RSS feeds, and all that good stuff.

Feel free to have a look - probably the demo is the most interesting bit.

The only obvious downside is that people cannot easily leave comments... However that might be a plus for some people, especially those that don't want to touch MySQL / PHP / etc

| No comments

 

Are you talking to me?

Saturday, 11 August 2007

My GNOME desktop is broken upon my primary machine, and it has taken me too long to get it sorted out.

Short version: metacity will not run:

skx@vain:~$ metacity
metacity: symbol lookup error: /usr/lib/libgthread-2.0.so.0: undefined symbol: g_thread_gettime

The .so file referenced is a symlink to libgthread-2.0.so.0.1200.13, and using nm I can see there are no symbols listed:

skx@vain:~$ nm /usr/lib/libgthread-2.0.so.0.1200.13
nm: /usr/lib/libgthread-2.0.so.0.1200.13: no symbols

That seems weird to me, but libraries are mysterious beasts, so I might be expecting this behaviour?

Anyway dpkg claims this file is installed by libglib2.0-0, and the package hasn't had an upload since July 17th, so I can't believe this is the reason for the recent breakage (Even given that I don't logout often..)

Reinstalling both packages (metacity + libglib2.0-0) has failed to fix the problem so I'm lost.

Right now I'm running GNOME with a different window manager, icewm, via a ~/.gnome2/session file:

gnome-wm --default-wm /usr/bin/icewm-gnome --sm-client-id default0

This works almost perfectly - it is better than metacity in the sense that new windows don't overlap existing ones if there is spare screen space, but worse in that alt-TAB shows two windows "Top extended Edge Panel" and "Bottom Extended Edge Panel" - which I don't need/want to see.

I'd be happy to stay with IceWM if I could fix those two problems, but I'd love to know why metacity is broken, and how I can fix it. I can't see any obvious bug reports - and I'm not 100% certain that the gthread package is the source of the error...

Any suggestions welcome.

ii  metacity       1:2.18.5-1     A lightweight GTK2 based Window Manager
ii  libglib2.0-0   2.12.13-1      The GLib library of C routines

| No comments

 

walking on the moon

Friday, 10 August 2007

According to popcon I have just under 1000 users of xen-tools.

That was quite a suprise to discover via a random google search, although I guess there have been a lot of bugs filed against the package during its lifetime.

Funny how some things which start as random hacks (this was originally a quick and dirty hack for a Xen introduction article) become quite useful/popular, whereas other tools which were planned and designed go virtually unnoticed...

| No comments

 

Now some men like the fishing

Friday, 3 August 2007

Xen Migration

This afternoon I mostly migrated Xen guests from their old host to their new. (As part of a an upgrade of facilities. Upgrading in place would have been much fiddlier and more annoying!)

The migration took almost three hours, which was longer than anticipated but shorter than I'd feared. In the future I'll know to do it differently, but I managed to script it fairly well after the first couple were done manually.

Everything appears to be working correctly so I will soon nip out for some high quality beer.

Xen Help?

One thing that I wanted to do with the new host was track bandwidth usage upon a per-guest basis.

This should be possible with something like vnstat - however solutions counting traffic by interface name are not a good mesh with Xen - since by default a guest will have an interface with a name like 'vif20.0' - and no means of mapping that to a specific guest.

Each of my guests has been allocated three IPs which are defined like this in the Xen configuration file:

vif = [ 'ip=1.2.3.4 1.2.3.5 1.2.3.6' ]

This works prefectly.

This also works:

vif = [ 'ip=1.2.3.4,vifname=foo 1.2.3.5 1.2.3.6' ]

Unfortunately anything else I've tried to give each IP a static interface name fails. I've seen reports of this online but no solutions.

Given a configuration file like this the Xen guest doesn't receive any traffic upon the second + third address:

vif = [ 'ip=1.2.3.4,vifname=foo1',
        'ip=1.2.3.5,vifname=foo2',
        'ip=1.2.3.6,vifname=foo3' ]

Any suggestions welcome.

| No comments

 

Recent Posts

Recent Tags