blog.iloaf.com

Posted on May 20, 2008 by Chris @ 7:58 am

I looked at the MailChannels “free beer” edition yesterday and decided that 10k/day is not enough for my personal mailhost.

$ grep -c connect /var/log/mail.log.1 28652

...and yesterday wasn’t a busy day either.

graph

IMHO it’d have much better adoption if it had been free for non-commercial use like MT Etc. since it has wide appeal to the hobbyist lower middle class sysadmin type. Tried it at home and bought it for work isn’t a bad sales model after all for geeks.

I wonder if they cope with PayPals’ silly/borked SPF records? .. I wonder if they process SPF at all for that matter.

Filed under: Spam
Comments: 2 Comments

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on May 5, 2008 by Chris @ 9:17 am

NIN have for some time been uploading their work to trackers but today is the next step. After releasing a free track on facebook yesterday to generate buzz they have now released their new album “the slip” to the web for free, with thanks for fans loyal support.
http://theslip.nin.com/

Looks like http://topspin.net are involved – I can’t see any news on their site about it. I’d hazard a guess that they’ll be running a heap of future online releases and that this freebie is a a very cool beta test.

We envision a future where artists can market their content directly to fans. Topspin builds the web applications that enable the distribution and marketing of this digital content.
Our first release is in very limited Beta. Please watch this space for more developments.

Whatever, it’s DRM free and I hope it puts more chill wind up the music industry.

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on April 30, 2008 by Chris @ 7:58 am

...and I started so well with a good rant about a lame holiday company that don’t work over Christmas.

...and it’s the same reason I’ve not been posting on the corporate blog too. I’ve been working on a great project on the other side of the business as sort of a skills transfer and abuse basis It’s been pretty intense process, but we’ve proved that tiny teams of smart & dedicated people can produce something wondrous that far exceed expectations (and sometimes scope too ;)).

Next job, Upgrading wordpress and my expenses… Bad bad blogger.

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on January 2, 2008 by Chris @ 11:27 am

I hope you all had a better festive season than me. -4 degrees on Christmas morning with a broken boiler in the heart of northern France wasn’t much fun. We perceivered for a couple of nights with the loan of some crappy electric heaters and a temperamental example of French home wiring. We had to give up when the elder family decided it was way too cold and enough was enough.

I’m going to cause a lot of pain for somebody at cottages4you today – their emergency numbers were off-line for the duration of our troubles.

Update: c4u customer care are now in the office and have been very responsive. If only they could have been like this out of normal hours.

Update #2: Situation resolved. c4u do not deny our situation and their errors and have resolved matters accordingly.
The out of hours services need to improve. It still sucks that cottages4you’s emergency numbers were offline (not even voicemail based callback) on bank holidays. They really need to step it up a gear and make sure that phone is covered 24h 365.25days a year for big issues. Being an agent for a contracted landlord is no excuse and does not prevent them being liable for issues since thats who the customer has a contract with at the end of the day.

Filed under: Knee Jerk and News
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on December 13, 2007 by Chris @ 9:53 am

Insurance companies and health-care providers ask the most ridiculous security questions every time we cross paths. Name, Address, Date of Birth. Every single time they want this triplet of information under the guise of a security verification. I’ve a very good feeling that this is not for my or my accounts security since it’s all pretty much public information isn’t it? Or at the very least obtainable with little effort. The pessimist in me (who is usually right!) believes this triplet is actually an anti fraud measure.

It sucks that anti-fraud actually actually prevails over security with near-essential services like these.

Filed under: ~/
Comments: 1 Comment

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on November 7, 2007 by Chris @ 8:03 pm

I should leave…

Dear [Director of customer service@bank],
It should not take 11 minutes and 9 seconds of my life to request a new internet banking password. You need to fix this experience!

I honestly thought that after a minute I was doing well, I got none of the questions wrong and had the account number to hand like any good caller should.
How the hell do you explain an overseas phone line so bad I have to spell out my name and an ‘officer’ who does not understand the phonetic alphabet for god sake?

Your off shore call center could process far more calls with higher satisfaction if the call transit was not noisy and compressed beyond reasonable clarity levels, so where is the sense in that?
Your call handlers would make less mistakes if they knew and used the phonetic alphabet too.
Then I hold for four and a half sodding minutes whilst they “raise my request”. WTF! That’s one button push in my book, so with respect your system is very very broken.
Lastly, I want this information so I can use the account. Why does it take 10 days for a letter to arrive??!! Surely your not posting it from the call center, are you?!?

May I respectfully suggest you pay an English speaking mystery shopping company to report on your service? Or perhaps still survey your customers anonymously. (No point in teaching your customers how to get phished!)

I look forward to your prompt response. If I fail to hear back from you within 14 days I will assume you don’t give a rats’ ass about feedback and want me to take that my savings account and ISA’s elsewhere.

Regards,

Moi

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on September 30, 2007 by Chris @ 10:20 am

One of the most creative videos I’ve seen in ages. Enjoy!

You can see more of Tony & Pauls work at freeposterfilms.com.

Got to stop lurking around online entertainment and get on with my laundry & packing, I’ve got two very full weeks on the road ahead at APWG and MAAWG.

Filed under: SlowNewsDay and ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on September 17, 2007 by Chris @ 8:26 am

Trying to research a few errors in my maillog relating to spf revealed an own goal by the top pished company in the world.
Taken from the de-facto SPF implemetation:
"use constant default_max_dns_interactive_terms => 10; # RFC 4408, 10.1/6 "

10 interactive terms. Ten is the default, because SPF is supposed to be a “light check”.

With eBay/PayPals current deployment of SPF they have scored an own goal. Its so complicated that it does not conform to the RFC and fails (in the defacto implementation) with a permanent error.

Take a quick look at why is fails the 10 record test:

mx
include:s._spf.ebay.com
include:m._spf.ebay.com
include:p._spf.ebay.com
include:c._spf.ebay.com

s._spf.ebay.com
ip4:66.135.209.192/27
ip4:66.135.197.0/27
ip4:64.4.240.64/27
ip4:64.4.244.64/27
ip4:66.211.161.0/25

m._spf.ebay.com
ip4:66.135.215.224/27
ip4:216.33.244.96/27
ip4:216.33.244.84

p._spf.ebay.com
ip4:67.72.99.26
ip4:206.165.246.83
ip4:206.165.246.84
ip4:206.165.246.85
ip4:206.165.246.86
ip4:64.127.115.252
ip4:194.64.234.129/27
include:p2._spf.ebay.com

p2._spf.ebay.com
ip4:65.110.161.77
ip4:204.13.11.49
ip4:204.13.11.51
include:liveworld.com
include:emarsys.net

liveworld.com
a:mail.liveworld.com
a:smtp.liveworld.com
a:mail.mccmedia.com
mx:smtp.liveworld.com
a:sjc.liveworld.com
ip4:63.80.14.0/23
ip4:208.64.132.0/22
-all (wow)

emarsys.net
ip4:81.223.46.25
ip4:81.223.46.26
ip4:81.223.46.27
ip4:81.223.46.28
ip4:81.223.46.29
ip4:81.223.46.30
ip4:81.223.46.10
ip4:81.223.46.11
ip4:81.223.46.12
ip4:81.223.46.13

c._spf.ebay.com
ip4:12.155.144.75
ip4:62.22.61.131
ip4:63.104.149.126
ip4:64.68.79.253
ip4:64.94.204.222
ip4:66.135.215.134
ip4:67.72.12.29
ip4:193.28.178.23
ip4:193.28.178.24
include:c2._spf.ebay.com

c2._spf.ebay.com
ip4:80.93.9.10
ip4:195.234.136.12
ip4:203.49.69.114
ip4:209.63.28.11
ip4:210.80.80.136
ip4:212.110.10.2
ip4:212.147.136.123
include:c3._spf.ebay.com

c3._spf.ebay.com
ip4:213.219.8.227
ip4:216.113.168.128
ip4:216.113.175.128
ip4:216.177.178.3
ip4:217.149.33.234
ip4:220.248.6.124
ip4:67.72.12.30
include:c4._spf.ebay.com

c4._spf.ebay.com
ip4:216.113.188.112
ip4:80.66.137.58
ip4:212.208.64.34
ip4:216.113.188.96
ip4:216.33.244.6
ip4:216.33.244.7
ip4:63.80.14.17
ip4:216.113.175.152
ip4:216.113.175.153

Pheww.. Do you think that’s more than 10 entries? No wonder it’s not helping

[X] Your infrastructure is too complicated.
[X] You have more money (and networks) than …......
[X] Your good intentions went to waste.
[X] Your using a ~all record when your business dictates -all.

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on September 8, 2007 by Chris @ 8:18 am

Just a quick ‘n’ simple howto on installing SPF tests in postfix on ubuntu:

Get the policy plugin and perl modules

sudo apt-get install postfix-policyd-spf-perl libmail-spf-perl libversion-perl libnetaddr-ip-perl

sudo vim /etc/postfix/master.cf and insert the following at the bottom

policy  unix  -       n       n       -       -       spawn
 user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl

sudo vim /etc/postfix/main.cf and insert “heck_policy_service unix:private/policy,” somewhere after the reject_unauth_destination or you’ll become a open-relay for anyon with a valid spf (think +). Mine looks like this:

smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/var/lib/pop-before-smtp/hosts, reject_unauth_destination, check_helo_access regexp:/etc/postfix/helo_checks, check_policy_service unix:private/policy, permit

Then simply sudo /etc/init.d/postfix restart (and check your mail log in case you made a typo!)

That’s it!

Here is a citezns bank phish soft failing in the log:
Sep 8 08:45:51 localhost postfix/policy-spf[31433]: : Policy action=PREPEND Received-SPF: softfail (citizensbank.com: Sender is not authorized by default to use 'clientcare.refUD44983558.gps@citizensbank.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=localhost.localdomain; identity=mfrom; envelope-from="clientcare.refUD44983558.gps@citizensbank.com"; helo=190.Red-88-27-224.staticIP.rima-tde.net; client-ip=88.27.224.190

Now how can I convince the banks to use -all records??

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile