blog.iloaf.com

Posted on January 2, 2008 by Chris @ 11:27 am

I hope you all had a better festive season than me. -4 degrees on Christmas morning with a broken boiler in the heart of northern France wasn’t much fun. We perceivered for a couple of nights with the loan of some crappy electric heaters and a temperamental example of French home wiring. We had to give up when the elder family decided it was way too cold and enough was enough.

I’m going to cause a lot of pain for somebody at cottages4you today – their emergency numbers were off-line for the duration of our troubles.

Update: c4u customer care are now in the office and have been very responsive. If only they could have been like this out of normal hours.

Update #2: Situation resolved. c4u do not deny our situation and their errors and have resolved matters accordingly.
The out of hours services need to improve. It still sucks that cottages4you’s emergency numbers were offline (not even voicemail based callback) on bank holidays. They really need to step it up a gear and make sure that phone is covered 24h 365.25days a year for big issues. Being an agent for a contracted landlord is no excuse and does not prevent them being liable for issues since thats who the customer has a contract with at the end of the day.

/* */

Filed under: Knee Jerk and News
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on December 13, 2007 by Chris @ 9:53 am

Insurance companies and health-care providers ask the most ridiculous security questions every time we cross paths. Name, Address, Date of Birth. Every single time they want this triplet of information under the guise of a security verification. I’ve a very good feeling that this is not for my or my accounts security since it’s all pretty much public information isn’t it? Or at the very least obtainable with little effort. The pessimist in me (who is usually right!) believes this triplet is actually an anti fraud measure.

It sucks that anti-fraud actually actually prevails over security with near-essential services like these.

/* */

Filed under: ~/
Comments: 1 Comment

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on November 7, 2007 by Chris @ 8:03 pm

I should leave…

Dear [Director of customer service@bank],
It should not take 11 minutes and 9 seconds of my life to request a new internet banking password. You need to fix this experience!

I honestly thought that after a minute I was doing well, I got none of the questions wrong and had the account number to hand like any good caller should.
How the hell do you explain an overseas phone line so bad I have to spell out my name and an ‘officer’ who does not understand the phonetic alphabet for god sake?

Your off shore call center could process far more calls with higher satisfaction if the call transit was not noisy and compressed beyond reasonable clarity levels, so where is the sense in that?
Your call handlers would make less mistakes if they knew and used the phonetic alphabet too.
Then I hold for four and a half sodding minutes whilst they “raise my request”. WTF! That’s one button push in my book, so with respect your system is very very broken.
Lastly, I want this information so I can use the account. Why does it take 10 days for a letter to arrive??!! Surely your not posting it from the call center, are you?!?

May I respectfully suggest you pay an English speaking mystery shopping company to report on your service? Or perhaps still survey your customers anonymously. (No point in teaching your customers how to get phished!)

I look forward to your prompt response. If I fail to hear back from you within 14 days I will assume you don’t give a rats’ ass about feedback and want me to take that my savings account and ISA’s elsewhere.

Regards,

Moi

/* */

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on September 30, 2007 by Chris @ 10:20 am

One of the most creative videos I’ve seen in ages. Enjoy!

You can see more of Tony & Pauls work at freeposterfilms.com.

Got to stop lurking around online entertainment and get on with my laundry & packing, I’ve got two very full weeks on the road ahead at APWG and MAAWG.

/* */

Filed under: SlowNewsDay and ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on September 17, 2007 by Chris @ 8:26 am

Trying to research a few errors in my maillog relating to spf revealed an own goal by the top pished company in the world.
Taken from the de-facto SPF implemetation:
"use constant default_max_dns_interactive_terms => 10; # RFC 4408, 10.1/6 "

10 interactive terms. Ten is the default, because SPF is supposed to be a “light check”.

With eBay/PayPals current deployment of SPF they have scored an own goal. Its so complicated that it does not conform to the RFC and fails (in the defacto implementation) with a permanent error.

Take a quick look at why is fails the 10 record test:

mx
include:s._spf.ebay.com
include:m._spf.ebay.com
include:p._spf.ebay.com
include:c._spf.ebay.com

s._spf.ebay.com
ip4:66.135.209.192/27
ip4:66.135.197.0/27
ip4:64.4.240.64/27
ip4:64.4.244.64/27
ip4:66.211.161.0/25

m._spf.ebay.com
ip4:66.135.215.224/27
ip4:216.33.244.96/27
ip4:216.33.244.84

p._spf.ebay.com
ip4:67.72.99.26
ip4:206.165.246.83
ip4:206.165.246.84
ip4:206.165.246.85
ip4:206.165.246.86
ip4:64.127.115.252
ip4:194.64.234.129/27
include:p2._spf.ebay.com

p2._spf.ebay.com
ip4:65.110.161.77
ip4:204.13.11.49
ip4:204.13.11.51
include:liveworld.com
include:emarsys.net

liveworld.com
a:mail.liveworld.com
a:smtp.liveworld.com
a:mail.mccmedia.com
mx:smtp.liveworld.com
a:sjc.liveworld.com
ip4:63.80.14.0/23
ip4:208.64.132.0/22
-all (wow)

emarsys.net
ip4:81.223.46.25
ip4:81.223.46.26
ip4:81.223.46.27
ip4:81.223.46.28
ip4:81.223.46.29
ip4:81.223.46.30
ip4:81.223.46.10
ip4:81.223.46.11
ip4:81.223.46.12
ip4:81.223.46.13

c._spf.ebay.com
ip4:12.155.144.75
ip4:62.22.61.131
ip4:63.104.149.126
ip4:64.68.79.253
ip4:64.94.204.222
ip4:66.135.215.134
ip4:67.72.12.29
ip4:193.28.178.23
ip4:193.28.178.24
include:c2._spf.ebay.com

c2._spf.ebay.com
ip4:80.93.9.10
ip4:195.234.136.12
ip4:203.49.69.114
ip4:209.63.28.11
ip4:210.80.80.136
ip4:212.110.10.2
ip4:212.147.136.123
include:c3._spf.ebay.com

c3._spf.ebay.com
ip4:213.219.8.227
ip4:216.113.168.128
ip4:216.113.175.128
ip4:216.177.178.3
ip4:217.149.33.234
ip4:220.248.6.124
ip4:67.72.12.30
include:c4._spf.ebay.com

c4._spf.ebay.com
ip4:216.113.188.112
ip4:80.66.137.58
ip4:212.208.64.34
ip4:216.113.188.96
ip4:216.33.244.6
ip4:216.33.244.7
ip4:63.80.14.17
ip4:216.113.175.152
ip4:216.113.175.153

Pheww.. Do you think that’s more than 10 entries? No wonder it’s not helping

[X] Your infrastructure is too complicated.
[X] You have more money (and networks) than …......
[X] Your good intentions went to waste.
[X] Your using a ~all record when your business dictates -all.

/* */

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on September 8, 2007 by Chris @ 8:18 am

Just a quick ‘n’ simple howto on installing SPF tests in postfix on ubuntu:

Get the policy plugin and perl modules

sudo apt-get install postfix-policyd-spf-perl libmail-spf-perl libversion-perl libnetaddr-ip-perl

sudo vim /etc/postfix/master.cf and insert the following at the bottom

policy  unix  -       n       n       -       -       spawn
 user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl

sudo vim /etc/postfix/main.cf and insert “heck_policy_service unix:private/policy,” somewhere after the reject_unauth_destination or you’ll become a open-relay for anyon with a valid spf (think +). Mine looks like this:

smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/var/lib/pop-before-smtp/hosts, reject_unauth_destination, check_helo_access regexp:/etc/postfix/helo_checks, check_policy_service unix:private/policy, permit

Then simply sudo /etc/init.d/postfix restart (and check your mail log in case you made a typo!)

That’s it!

Here is a citezns bank phish soft failing in the log:
Sep 8 08:45:51 localhost postfix/policy-spf[31433]: : Policy action=PREPEND Received-SPF: softfail (citizensbank.com: Sender is not authorized by default to use 'clientcare.refUD44983558.gps@citizensbank.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=localhost.localdomain; identity=mfrom; envelope-from="clientcare.refUD44983558.gps@citizensbank.com"; helo=190.Red-88-27-224.staticIP.rima-tde.net; client-ip=88.27.224.190

Now how can I convince the banks to use -all records??

/* */

Filed under: ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on August 30, 2007 by Chris @ 10:11 am

...and mummy Mason too.

Congratulations on your last good nights sleep in a couple of years!

Family

As you can see from the close-up she inhereted her good looks from mum

Baby

News leaked from J’s flickr

Very best withes to all three of you! You’re all looking very well so now on with the serious business of wetting the baby’s head!

/* */

Filed under: News and ~/
Comments: 3 Comments

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on August 18, 2007 by Chris @ 9:47 am

Here is a sneak peek at the next tool in the rrd-client suite. A daemon that monitors your MTA’s logs real-time and feeds stats into rrd-server.
Graph
Plenty of TODO’s still to be completed but it’s dead neat so far.

Not sending all that mail through spamassassin is really helping my CPU usage too. This is really going to help when I get my colo box next week.
Graph2

/* */

Filed under: Spam and ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on August 4, 2007 by Chris @ 11:06 am

It would appear that some 3-4 hours of spam was cluelessly sent with a fake from address aimed at me, but this time there was no grief with it unlike the last big last time. This attack was about half the size of the awesome flood a year ago.

So this gave me an excellent opportunity to test out many mail servers sending me ‘ham’ via the greylist service (set to accept after 40 seconds). So here is a small random selection:

X-Greylist: delayed 1107 seconds (postfix)
X-Greylist: delayed 95 seconds (sendmail)
X-Greylist: delayed 169 seconds (sendmail)
X-Greylist: delayed 1295 seconds (postfix)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 1208 seconds (nplex)
X-Greylist: delayed 1307 seconds (postfix)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 400 seconds (qmail – hmmm a pattern)
X-Greylist: delayed 318 seconds (sendmail)
X-Greylist: delayed 63 seconds (microsoft )
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 62 seconds (unknown – suspect MS p0f gave “Windows 2000 SP4, XP SP1”)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 840 seconds (sendmail)
X-Greylist: delayed 65 seconds (microsoft)
X-Greylist: delayed 2353 second (postfix)
X-Greylist: delayed 970 seconds (symantec)
X-Greylist: delayed 2616 seconds (sendmail)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 162 seconds (unknown – Linux)
X-Greylist: delayed 917 seconds (sendmail)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 399 seconds (qmail)
X-Greylist: delayed 363 seconds (postfix)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 915 seconds (MS IMS)
X-Greylist: delayed 395 seconds (qmail)
X-Greylist: delayed 445 seconds (sendmail)

So a revisit time of 580-620 seconds might be worth a spamassassin point or two.

One observation that also caught my eye is that yahoo are sending a lot of user-unknown messages out of the SMTP session. Yahoo are whitelisted on postgrey and hence have no greylist header added (though I wish it would with the reasoning) so I caught a lot of their blow-back for user unknown errors. Thats just wrong Y! guys!

/* */

Filed under: Spam and ~/
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

Posted on July 15, 2007 by Chris @ 1:38 pm

With nothing better to do on a dull/hungover Sunday morning I thought I’d investigate a rumor I’d heard in the week regarding greylisting.
Now don’t get me wrong, I’m no fan of delaying email. I just want to see if what I’d heard was true…

I’m a bit of a tree-hugging Debian/postfix junkie so getting everything going was literally childs-play. Postgrey being the implementation of choice this time round and I had it running and tested in under 2 minutes.

sudo apt-get install postgrey

Then a quick edit of postfix’s main.cf.

At this time I also reduced the timeout from 5 minutes to 40 seconds since all I’m interested in is if they come back at all.

At the same time I deliberately turned off all rbl’s so that I’d get a big & fair dataset on the trap server. Then all I had to do is sit and watch.

Now of course this let through all the spam being sent via ISP’s relays but looking for direct sending bots running on DSL’s is pretty easy because they don’t have Wanadoo/Orange or Tiscali in the headers (only kidding).

So after a quick cuppa I had the results I was expecting. Here are the log highlights:

X-Greylist: delayed 651 seconds by postgrey;  <image /knob pills
X-Greylist: delayed 602 seconds by postgrey;  <PDF
X-Greylist: delayed 602 seconds by postgrey;  <Ecard
X-Greylist: delayed 605 seconds by postgrey;  <Image/knob pills
X-Greylist: delayed 608 seconds by postgrey;  <PDF
X-Greylist: delayed 604 seconds by postgrey;  <Stock
X-Greylist: delayed 685 seconds by postgrey;  <Ecard
X-Greylist: delayed 603 seconds by postgrey;  <Stock

These were all definitely dialup/dsl pools. The interesting thing is how long they all took to come back but nevertheless it shows that at least some bots are well wise to greylisting.

/* */

Filed under: Spam
Comments: None

This is a j.u.n.k.m.a.i.l. t.r.a.p. - please ignore. From bawg twap blogsnow.com Technorati Profile

« newer posts

Geeks

µblog