Just a quick ‘n’ simple howto on installing SPF tests in postfix on ubuntu:

1. Get the policy plugin and perl modules

sudo apt-get install postfix-policyd-spf-perl libmail-spf-perl libversion-perl libnetaddr-ip-perl

2. sudo vim /etc/postfix/master.cf and insert the following at the bottom

policy  unix  -       n       n       -       -       spawn
 user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl

3. sudo vim /etc/postfix/main.cf and insert “heck_policy_service unix:private/policy,” somewhere after the reject_unauth_destination or you’ll become a open-relay for anyon with a valid spf (think +). Mine looks like this:

smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/var/lib/pop-before-smtp/hosts, reject_unauth_destination, check_helo_access regexp:/etc/postfix/helo_checks, check_policy_service unix:private/policy, permit

4. Then simply sudo /etc/init.d/postfix restart (and check your mail log in case you made a typo!)

That’s it!

Here is a citezns bank phish soft failing in the log:

Sep 8 08:45:51 localhost postfix/policy-spf[31433]: : Policy action=PREPEND Received-SPF: softfail (citizensbank.com: Sender is not authorized by default to use 'clientcare.refUD44983558.gps@citizensbank.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=localhost.localdomain; identity=mfrom; envelope-from="clientcare.refUD44983558.gps@citizensbank.com"; helo=190.Red-88-27-224.staticIP.rima-tde.net; client-ip=88.27.224.190


Now how can I convince the banks to use -all records??

...and mummy Mason too.

Congratulations on your last good nights sleep in a couple of years!

As you can see from the close-up she inhereted her good looks from mum

News leaked from J’s flickr

Very best withes to all three of you! You’re all looking very well so now on with the serious business of wetting the baby’s head!

Here is a sneak peek at the next tool in the rrd-client suite. A daemon that monitors your MTA’s logs real-time and feeds stats into rrd-server.

Plenty of TODO’s still to be completed but it’s dead neat so far.

Not sending all that mail through spamassassin is really helping my CPU usage too. This is really going to help when I get my colo box next week.

It would appear that some 3-4 hours of spam was cluelessly sent with a fake from address aimed at me, but this time there was no grief with it unlike the last big last time. This attack was about half the size of the awesome flood a year ago.

So this gave me an excellent opportunity to test out many mail servers sending me ‘ham’ via the greylist service (set to accept after 40 seconds). So here is a small random selection:

X-Greylist: delayed 1107 seconds (postfix)
X-Greylist: delayed 95 seconds (sendmail)
X-Greylist: delayed 169 seconds (sendmail)
X-Greylist: delayed 1295 seconds (postfix)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 1208 seconds (nplex)
X-Greylist: delayed 1307 seconds (postfix)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 400 seconds (qmail – hmmm a pattern)
X-Greylist: delayed 318 seconds (sendmail)
X-Greylist: delayed 63 seconds (microsoft )
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 62 seconds (unknown – suspect MS p0f gave “Windows 2000 SP4, XP SP1”)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 840 seconds (sendmail)
X-Greylist: delayed 65 seconds (microsoft)
X-Greylist: delayed 2353 second (postfix)
X-Greylist: delayed 970 seconds (symantec)
X-Greylist: delayed 2616 seconds (sendmail)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 162 seconds (unknown – Linux)
X-Greylist: delayed 917 seconds (sendmail)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 399 seconds (qmail)
X-Greylist: delayed 363 seconds (postfix)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 915 seconds (MS IMS)
X-Greylist: delayed 395 seconds (qmail)
X-Greylist: delayed 445 seconds (sendmail)

So a revisit time of 580-620 seconds might be worth a spamassassin point or two.

One observation that also caught my eye is that yahoo are sending a lot of user-unknown messages out of the SMTP session. Yahoo are whitelisted on postgrey and hence have no greylist header added (though I wish it would with the reasoning) so I caught a lot of their blow-back for user unknown errors. Thats just wrong Y! guys!

With nothing better to do on a dull/hungover Sunday morning I thought I’d investigate a rumor I’d heard in the week regarding greylisting.
Now don’t get me wrong, I’m no fan of delaying email. I just want to see if what I’d heard was true…

I’m a bit of a tree-hugging Debian/postfix junkie so getting everything going was literally childs-play. Postgrey being the implementation of choice this time round and I had it running and tested in under 2 minutes.

sudo apt-get install postgrey

Then a quick edit of postfix’s main.cf.

At this time I also reduced the timeout from 5 minutes to 40 seconds since all I’m interested in is if they come back at all.

At the same time I deliberately turned off all rbl’s so that I’d get a big & fair dataset on the trap server. Then all I had to do is sit and watch.

Now of course this let through all the spam being sent via ISP’s relays but looking for direct sending bots running on DSL’s is pretty easy because they don’t have Wanadoo/Orange or Tiscali in the headers (only kidding).

So after a quick cuppa I had the results I was expecting. Here are the log highlights:

X-Greylist: delayed 651 seconds by postgrey;  <image /knob pills
X-Greylist: delayed 602 seconds by postgrey;  <PDF
X-Greylist: delayed 602 seconds by postgrey;  <Ecard
X-Greylist: delayed 605 seconds by postgrey;  <Image/knob pills
X-Greylist: delayed 608 seconds by postgrey;  <PDF
X-Greylist: delayed 604 seconds by postgrey;  <Stock
X-Greylist: delayed 685 seconds by postgrey;  <Ecard
X-Greylist: delayed 603 seconds by postgrey;  <Stock

These were all definitely dialup/dsl pools. The interesting thing is how long they all took to come back but nevertheless it shows that at least some bots are well wise to greylisting.

Developer Humor:

“Subversion is not terrorist speak”

In other news OpenDNS are starting very early for sysadmin appreciation day. They are currently seeking your “protocol errors”

Pico-ITX is really tiny [Review]
At just over half the depth of an mini-itx it’d hide perfectly almost anywhere if they could only sort the need for the huge 240v->12v brick and power adapter.

I see Amazon have fallen foul of trying to patent the obvious. I mentioned over a year ago that the word obvious was hampering eBay’s patent efforts and I stand by my claim that simple obviousness going to grow into a much bigger issue for the USPTO.
News coverage c/o ./

I was taking a look at lighthouse just now as a lightweight task tracker. Functional, attractive and tight email integration all looked good until I stumbled upon their spam problem. Gah, that almost put me off.

The wikipedia entry for “List of collective nouns for reptiles and amphibians” contains this priceless entry:

Lawyers – A vulture of lawyers

Naughty…Tee Hee (I’m writing another quiz)