I love the idea of abusing the fact that spammers are in a hurry. Traffic Control checks all the geeky check-boxes of an SMTP proxy I should take a closer look at.
So the first thing I do once I can netcat to the proxy and check it’s running is fire up a “tcpflow -c -i eth0 not port 22” to watch it in action. I could immediately see how it slows connections (sweet), and then the instant phone home traffic or feedback mechanism.
I’m not so sure I like the feedback mechanism. The main issue is, as usual, the “but not be limited to” statement in the license, not the fact that they aggregate logs over HTTP on port 25.
Exhibit #1 – License snippet :
17.Feedback. The Software may periodically submit statistics about its
operation to servers operated by MailChannels and other parties
authorized by MailChannels (the “Feedback”). The Feedback shall
include but not be limited to the IP addresses of email senders,
server memory usage, server CPU usage, and various attributes of
email sending hosts such as operating system type.
Exhibit #2 – Stream capture : feedback.mailchannels.com port 25 gets sent a log line per email as an HTTP POST.
rd.42946-feedback.mailchannels.com.00025: POST /et/capture HTTP/1.1
Host: feedback.mailchannels.com
Content-Length: 402
Connection: keep-alive

[2008-05-25 16:58:53 +0100] [22019] i=78.149.112.169:52371 h= o=N u= a= t= p=0 d=0
x="ClientACL t=0,0|EarlyTalker t=0|RBL action=reject;cbl.abuseat.org=no_data;hul.habeas.com=no_data; query.bondedsender.org=no_data;sbl-xbl.spamhaus.org=no_data; t=0.11,0.17,0.04,0.28,0.17;zen.spamhaus.org=127.0.0.11.reject"
l=ACCEPT c=550 z="Found on zen spamhaus" e="[550,Found on zen spamhaus]"
q= n=1/0/1 b=0/0/0/1 v=
CR’s added for readability
I completely understand why they want the spy-in-the-box (having worked with Justin I know the possibilities are endless) but that license is a bit too lax for me. It’s just a niggle but I’d feel more comfortable if it was defined explicitly and explained in full, and if I had the option to disable it on privacy grounds.
You need to disable SPF in your mailserver too: since Postfix sees the proxy IP, SPF hard fails result in a reject … I should have thought of that.
Maybe that’s where my license file has gone
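To audit what actually leaves the box, the captured record can be split into its fields and checked for email addresses. This is an added example, not part of the original post or MailChannels' code; the page does not document what the single-letter keys mean, and the second sample line is constructed, with an address placed in `u=` only to exercise the check.

```python
import re

HEADER_RE = re.compile(r'^\[([^\]]+)\]\s+\[(\d+)\]\s*')   # [timestamp] [pid]
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')       # key="quoted" or key=bare
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')

# Log line from the capture in the post, rejoined into the single line that was sent.
SAMPLE = ('[2008-05-25 16:58:53 +0100] [22019] i=78.149.112.169:52371 h= o=N u= a= t= '
          'p=0 d=0 x="ClientACL t=0,0|EarlyTalker t=0|RBL action=reject;'
          'cbl.abuseat.org=no_data;hul.habeas.com=no_data; query.bondedsender.org=no_data;'
          'sbl-xbl.spamhaus.org=no_data; t=0.11,0.17,0.04,0.28,0.17;'
          'zen.spamhaus.org=127.0.0.11.reject" l=ACCEPT c=550 z="Found on zen spamhaus" '
          'e="[550,Found on zen spamhaus]" q= n=1/0/1 b=0/0/0/1 v=')

# Constructed line (not from the capture); the address in u= is an assumption for the demo.
LEAKY = ('[2008-05-25 17:00:00 +0100] [22019] i=192.0.2.7:40000 h= o=N u=alice@example.com '
         'a= t= p=0 d=0 x="" l=ACCEPT c=250 z="" e="" q= n=1/0/1 b=0/0/0/1 v=')

def parse_feedback_line(line):
    """Split one feedback record into timestamp, pid and a dict of key=value fields."""
    line = line.replace('\u201c', '"').replace('\u201d', '"')  # undo blog smart quotes
    line = ' '.join(line.split())                              # undo added line breaks
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError('missing [timestamp] [pid] prefix')
    # A quoted value is consumed whole, so the t= tokens inside x="..." stay part of x.
    fields = {k: (q or b) for k, q, b in FIELD_RE.findall(line[m.end():])}
    return {'timestamp': m.group(1), 'pid': int(m.group(2)), 'fields': fields}

def populated(fields):
    """Names of the fields that carry a non-empty value in this record."""
    return [k for k, v in fields.items() if v]

def email_leaks(fields):
    """(field, address) pairs for every email-address-like string in any field."""
    return [(k, a) for k, v in fields.items() for a in EMAIL_RE.findall(v)]

if __name__ == '__main__':
    for name, line in (('capture', SAMPLE), ('constructed', LEAKY)):
        rec = parse_feedback_line(line)
        print(name, populated(rec['fields']), email_leaks(rec['fields']))
```

Fed from the body of each POST to /et/capture as seen by tcpflow, this gives a running list of which fields are populated and whether any of them ever carries an address.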
Woops.
Just in case Ken reads this..
- Kudos for the non commercial licensing
- I’ve mailed free-beer and am still waiting for a key.
Being a typical old school QA guy I’ve a heap of suggestions, but for the time being this image of my mailbox shows the performance in the first hour or two with the default config.
...eww, but you should see what happens without it.
In fact if you look at the graph below you can see the effect is that the server is relaying more mail and rejecting less.
E&OE plus the fact I’m in a rotten mood, I’m blaming the prescription(s)


3 Comments Received
May 25th, 2008 @11:17 pm
Hi Chris,
You’re not the first to point out that the license terms around feedback are too lax. We’ve added a clause to provide some comfort around privacy of the feedback data:
“18. Feedback System Privacy. The Feedback shall not include the email addresses of senders or recipients, nor any part of the body of the email message, unless specifically enabled by the Customer in the Software’s configuration.”
This clause will be in the next build, so keep an eye out. In the meantime, please consider this term extended to you and all others who have downloaded the software.
Just emailed the eval license to your work address – let me know whether it came through.
BTW, could you confirm that you have a line in your proxy.conf that says this:
TriggerRBLZone Throttle throttle.mailchannels.com "" 127.0.0.10-127.0.0.100
Without this line, you’re not going to be slowing down much of anything and thus there will be very little impact on spam.
Reason I ask is that I haven’t seen inquiries to the reputation RBL, although I am seeing your feedback. Perhaps we have a bug in our conf template which requires immediate attention?
Thanks,
Ken
May 25th, 2008 @11:30 pm
Ah, I keep work and this place quite separate. (hence the minor edit on your comment)
I’ll check for it later.
The line is there…
– I’ve got the throttle in, however due to that mailbox effect I’ve a few special RBLs in beforehand too. I guess they go in order?
Since the above line relies on DNS, the chance of you seeing my IP query it is pretty slim, as I run my DNS in forwarding cache mode too.
May 26th, 2008 @4:14 pm
The RBL checks are indeed done in order. Send me your proxy.conf so that I can have a look at it, if you have a chance.