Tag Archives: tech

Choosing a distro, chapter 0

I told Bert I’d journal this, so here it is.

I’m trying to choose a distro for my training machines, so that I can do a rebuild periodically, with the following requirements:

* The distro is usable by people not completely familiar with Unix

* The install does not require baby-sitting

* The install does not install a horribly broken Apache distro, as so many of them seem to these days

Personally, I have been using Slackware for some time, and I used BSD before that, so my personal requirements are a little different. But I can’t assume that my students know anything about Unix (although, so far, most have) or know how to use Enlightenment. Plus, I want something I can rebuild in a few minutes of baby-sitting.

More about spam

I’ve noticed that my personal email volume has plunged over the last week. Apparently the spammers took the week off as well as the folks that contribute to the various email lists I’m on. I rather expected that spam volume would skyrocket during the Christmas holidays. I really wish I had spam stats from before last week. It would be interesting to compare my perceptions with reality. We’ll see what happens in the new year when things get cranked back up.

Tons ‘O Spam

I’ve started monitoring SpamAssassin via mrtg. (Google for spam and mrtg. Configuration information is 3rd or 4th on the list.) Turns out that 58% of all the email I have received in December has been spam. And that doesn’t count all the stuff that made it through the filters because it was not quite spammy enough for SpamAssassin, which would probably make it up to the 60% mark. This is really quite shocking. Email is still one of the primary uses of the internet infrastructure, and 60% of that traffic is complete poop.

I found it additionally interesting that my parents, who are normal internet users, and are not paranoid about filling out forms (or at least, not as paranoid as I am) with their real information, get nearly 3 times as much spam as I do.

root@buglet:/var/spool/mail# grep -ic "^to:.*[dad's address]" spam
133
root@buglet:/var/spool/mail# grep -ic "^to:.*[mom's address]" spam
134
root@buglet:/var/spool/mail# grep -ic "^to:.*[my address]" spam
47

That’s just today’s spam, which I’ve been redirecting off into a file for the purpose of stats.
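An added example, not part of the original post: `grep -c "^to:..."` counts every matching line, so a quoted `To:` line inside a message body is counted and an address on a folded continuation line is missed. The function below counts per message and reads only the header block; the messages and addresses are constructed samples, and `count_rcpt` and `make_sample_mbox` are names invented here.

```shell
# count_rcpt MBOX ADDRESS  (added example; sample data below is constructed)
# Print how many messages in MBOX name ADDRESS in their To: header.
# Matching is a case-insensitive substring test, like the grep version.
count_rcpt() {
    awk -v addr="$2" '
        BEGIN { addr = tolower(addr) }
        # An mbox message starts at a "From " line that follows a blank line.
        /^From / && prev == "" { inhdr = 1; into = 0; hit = 0; prev = $0; next }
        { prev = $0 }
        inhdr && $0 == "" { inhdr = 0; next }       # blank line ends the headers
        !inhdr { next }                             # ignore message bodies
        /^[^ \t]/ { into = (tolower($0) ~ /^to:/) } # folded lines keep the state
        into && !hit && index(tolower($0), addr) { hit = 1; n++ }
        END { print n + 0 }
    ' "$1"
}

# Write a small constructed mbox to the path given as $1.
make_sample_mbox() {
    cat > "$1" <<'EOF'
From spam1@example.com Mon Dec 30 10:00:00 2002
To: dad@example.net
Subject: offer

To: me@example.net

From spam2@example.com Mon Dec 30 10:05:00 2002
To: Mom <mom@example.net>,
 dad@example.net
Subject: hi

body

From spam3@example.com Mon Dec 30 10:09:00 2002
TO: me@example.net

body
EOF
}

sample=$(mktemp)
make_sample_mbox "$sample"
for a in dad@example.net mom@example.net me@example.net; do
    printf '%s header=%s grep=%s\n' "$a" "$(count_rcpt "$sample" "$a")" "$(grep -ic "^to:.*$a" "$sample")"
done
rm -f "$sample"
```

On the sample, the two methods disagree for `dad@example.net` (folded header) and `me@example.net` (body line).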

Anyways, the actual graphs are uninteresting, as they chart total messages vs total spam for the month. They will saw-tooth at the beginning of each month when I rotate the log files.

http://buglet.rcbowen.com/mrtg/spam_spam.html

Backups? Bah, Humbug!

It appears that the CD-RWs that I’ve been using for nightly backups have *all* gone bad. I’m not sure how long it has been since I’ve had a good backup.

Note to self: Weekly restore tests.

Oy.

Spam filtering

This needs to be archived somewhere, or I won’t know how to do it next time.

OK, first of all, yes, I am running Sendmail. I have no particular animosity towards moving to postfix, or anything else for that matter, I have merely lacked the time. I suppose, however, that I have now spent more time on wrestling with Sendmail than it would have taken to migrate. That’s neither here nor there.

Note to self: Guy- on #apache will help integrating qmail with spamassassin if I decide to go that way.

The problem that I am trying to solve is spam filtering. Here’s the solution that I have in place at the moment.

I have two kinds of email addresses – those that actually go to a local account, and those that are immediately forwarded out via an /etc/aliases entry. I currently have a good solution for the former, and a functional-but-annoying solution for the latter.

First, install spamassassin. It is at spamassassin.sourceforge.net and is easy to install.

Second, have sendmail call spamassassin on all incoming email. This is accomplished, at least in my current scenario, via a /etc/procmailrc file containing the following:

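  BLOCKFILE=/var/spool/mail/spam

  # Filter every message through spamd (spamc is the client)
  :0fw
  | spamc -u $LOGNAME -s 2048000

  # Anything SpamAssassin tagged as spam is filed in $BLOCKFILE
  :0
  * ^X-Spam-Status: Yes
  {
      LOG="RECIPE: Blocked by SpamAssassin$NL"

      # Trailing colon: lock the mbox file during delivery
      :0:
      $BLOCKFILE
  }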

This causes spamc to run as the user receiving the email. The -s specifies a maximum message size – larger messages are just passed through. This cuts down on enormous memory usage.

This causes all incoming email to get piped off through the spam filter. Note that spamd needs to be running for this to work.

For non-local accounts, this is harder. That is, for addresses that just have a forwarding entry in /etc/aliases, it seems that sendmail runs the forwarding phase before it gets to the procmail phase, so those addresses don’t get filtered. Here’s my solution, although I am *SURE* that there is a more elegant way to do this.

For these users, I’ve actually created a user account (I know, I know!), and in their home directory I have the following .procmailrc file:

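  VERBOSE=off
  SENDMAIL=/usr/sbin/sendmail
  MAILDIR=/var/spool/mail
  LOGFILE=/home/username/.procmail_log

  # Filter the message through SpamAssassin
  :0fw
  |/usr/bin/spamassassin

  # Tagged spam is filed in $MAILDIR/spam (locked mbox delivery)
  :0:
  * ^X-Spam-Status: Yes
  spam

  # Everything else is forwarded; a forward needs no lockfile
  :0
  * ^To.*
  ! other@address.net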

Now, I *know* there’s got to be a better way to do this, so I’m waiting for all you fine people to email me and tell me about it.

And, again for my own records, here’s what Guy- on #apache recommended

<Guy-> DrBacchus: i.e. something like |sh -c 'DESTADDR=foo@some.where.com procmail -someswitch /etc/filter/procmailrc' or suchlike

New network card

How the heck did Linux users survive before Google? Perhaps they just figured stuff out on their own, or moved back to Windows. So maybe Google lets dumber people use Linux now. God bless it.

This morning when I inserted my network card, I got a “Nov 30 07:56:10 rhiannon kernel: eth0: MII is missing!” message. Which was completely Greek to me. What I gathered, via experimentation (my other nic still worked) and googling (this is a generic hardware error for which there’s no particularly obvious solution) was that my card was toasty, and I needed a new one.

I have long loathed pcmcia network cards and their “dongles”. I figure that the guy that came up with the dongle idea was a genius. You sell a card with a dongle, and you only make dongles available with new cards. The dongle is going to break, no matter how careful you are, and then you have to buy a new card, even though the old card is working perfectly well.

So when various manufacturers started making pcmcia network cards without dongles, I determined that I would get one of those when my nic finally gave up the ghost.

There I am at CompUSA, and they have LinkSys cards, which is what I already had, for $20. But they had dongles. And they had Netgear cards without dongles, for $35. Well, I know that the LinkSys card will Just Work, with no additional effort, but I really want the one without the dongle. So I got it.

And, of course, when I got home and inserted it, I got “Nov 30 12:16:27 rhiannon cardmgr[52]: unsupported card in socket 1”. Joy.

I can take the card back … but, just in case, I turn to Google. And find … http://home.nikocity.de/Ise/Twinhead/expierence.htm which tells me exactly what I need to do to get it working.

For the record, in case that site goes away someday, I had to add the following to /etc/pcmcia/config:

card "NetGear FA411 Fast Ethernet"
version "NETGEAR","FA411"
bind "pcnet_cs"

Spamassassin

The goal today is to get Spamassassin upgraded without terribly breaking anything. The problem is that I am so far back that I am concerned that none of my mail handling scripts will still work. However, since I switched to spamd/spamc a while back, I may be OK.

I hunted for about 15 minutes to figure out how that was actually getting done. Turns out there’s magic in /etc/procmailrc – the last place I would have looked – that sends everything through spamd. (Um. Yes. That’s something that *I* put in place, myself, in May. Am I supposed to remember that sort of thing? Or document it?) Of course, if I had checked the documentation first, instead of last, this would not have taken quite as long. 😉

Anyways, I think I’m just about ready to install the new version, and then things should just work. In theory. There are, however, a few non-local users for whom I forward mail, and they have spamfilter scripts that pipe stuff through spamassassin, and I need to make sure those are ok. The docs say something about the dangers of upgrading from anything pre-2.40, and I’m running 2.01. *sigh*

*****

Followup: 10:26am

I seem to have spamassassin working, and I don’t seem to be losing any more email. I think I lost one message, but it appeared to be spam anyway.

In related news, it appears that ddgirl4u@hotmail.com is trying very very hard to relay thousands and thousands of messages through my mail server. I wonder if I am listed somewhere as an open relay? Anyways, I added the address to my firewall, and that stopped. The messages had faked headers from domains like .oklahoma.city and .nl.xso and stuff like that. What kind of an idiot mail server setup would you have to have to relay that stuff?