Add the Netcraft Toolbar to your browser and not only will you have information on each site you visit on-screen, but it also blocks access to known phishing sites.
My setup is probably somewhat standard. I'm curious how it fits into a Postfix setup.
With sendmail you have several different config file/systems:
1. RBLs 2. local-host-names 3. aliases 4. virtusertable (why 3-4 aren't consolidated is a good example of where sendmail is problemmatic) 5. access table
How does Postfix handle these items?
There are many things about Sendmail that bother me. Most notably is the lack of respect for domain-specific user accounts. I.e. if you have a user account of "office", without explicit redirects for other hosts on the mailserver, office@ any domain on your server will go to that account. Does Postfix handle that scenario differently? Does it require each account name to be implicit?
Also, how would you use the access table feature in Postfix? If you want to hard-code hosts you will/will-not accept mail from?
I'm using Dotster. I have had good experiences with them. With one exception. We had an outage in the wake of Katrina and Dotster seemed overly liberal about letting a few clients take control of their domains without making any contact with us even though I was listed as admin and tech contact. As a result, when we lit back up, these clients went dark. I think the folks at Dotster freaked out after Hurricane Katrina and folded to any group calling them up saying, "Our web site is down, give us access!" I am hoping that won't happen again.
I couldn't have expressed it better myself. When all the hooplah about Qmail surfaced many years ago, I jumped on the bandwagon. It was fast, but the software is, in a word, arrogant as hell. It expects to be set up a specific way, which is not a prerequisite for the max efficiency, security or compatibility it purpports to claim.
I seem to recall reading the manual where it said something like, "If you don't understand how to set this program up, use another MTA."
I tried to move from Sendmail to Qmail a few years back and the author laughed in my face when I suggested he make the system work with a centrally located/var/mail. I'd always admired the speed of the system, but if you're running server that doesn't have a bunch of users with shell access, the central mail directory works fine, but Qmail is a bit too troublesome to hack to get running right.
I haven't tried Postfix. How easy is it to drop Postfix into an existing Sendmail installation? Is there any info on that transition? Is there anything that Sendmail does much better than Postfix?
When you take time to update Sendmail, also consider adding some hard coded relay blacklist entries. This is an access-based RBL that hangs up on known broadband DUL space containing zombies. A nice addition to a well tweaked Sendmail setup.
If you think flirting with the law will make things better, go for it. I don't have a problem with that.
However, you might want to look at history and recognize the fact that vigilantes have historically tended to be prosecuted more often than those whom they fight against. I'm just being realistic here. If I thought vigilantism would actually be effective, I might suggest it because trust me, I hate spam even more than you do.
Now if you want to launch a one-man attack against all botnets on the planet, you have my support. If you want to launch a program that will wipe the hard drive of any zombie computer clean, I will spend my money to fly out and hold up a picket sign at your computer tampering trial. I promise. Go for it!
In my 12 years of working on the Internet, no registrar with the possible exception of Network Solutions has caused more wholesale heartache for legitimate customers than Godaddy. They are the biggest bunch of sleazebags on the planet. At least NSI had an excuse... they had monopoly power early on and exploited it. GoDaddy came out of the gate with the intention to defraud, mislead and exploit consumers. Every time I have a client who is using them, my immediate response is, "Oh Fuck!" That's how much they suck. That's how difficult it is to get any decent amount of customer service; that's how much bullshit I have to go through in order to get my client domains operating properly. There is no worse domain registrar on the planet in my opinion than GoDaddy. If you're a total moron, you use GoDaddy. That's it plain and simple. There are no people who disagree with me; there are merely people who haven't been screwed over yet, and will be eventually. That's the GoDaddy creedo that they haven't figured out.
Please to let me say I told you so. If you're smart you won't deal with Godaddy. I have no incentive to say this beyond the fact that my many years of trouble and torment from these jerkwads forces me to not even wish upon my worst enemy, the sleaziness that is their operation.
This makes perfect sense for anyone who's had experience with both Godaddy and Microsoft products. This is good news for those of us who want more stability and performance in our offerings. It's even easier to steer clear of these monstrosities. Now let's see if we can get Hyundai and Network Solutions to team up.
AOL had a very simple approach: use port 587 instead of 25. As a result of their bold and aggressive move, most e-mail clients now have easy ways to change the smtp port if they didn't already.
Obviously, someone who works at Verizon or Earthlink modded me down;p Not my fault you guys SUCK.
Most botnets are used for spamming. An analysis of the majority of inbound spam clearly shows most of the traffic coming from unauthorized SMTP relays set up in broadband IP space. The main advantage to setting up botnets is to do mass-mailing from a large pool of IP addresses that have the best chance of getting around RBLs. Spamming is the primary revenue source for botnets and also the primary manner in which machines are infected.
Some ISP recognize this issue and are dealing with it. Some are not.
The solution is very simple: filter port 25 traffic from broadband IP space.
Let me repeat this, because it's real simple.. it's so goddam simple that we're now to a point where any ISP that doesn't do this should be considered grossly negligent and a spammer themselves.
Some ISPs are responsible and some are not. AOL is a good example. AOL started filtering port 25 traffic and this has a dramatic effect on the security of their clients, the performance of their network and the overall safety of the Internet at large. Other ISPs are working on this too, like Bellsouth. These are the good ISPs who recognize that this simple solution can create a dramatic reduction in botnet propagation and spamming.
On the other hand, you still have many ISPs who don't seem to give a shit and are part of the problem. I'm not talking about the foreign ISPs... we know they're irresponsible. TDE, Brazil, China, Korea... it's easier to just wholesale block their IP ranges, but domestic ISPs like EARTHLINK and Verizon continue to be a major source of spam and botnet propagation.
Earthlink particularly annoys me because they constantly advertise how great they are at keeping spam and viruses out. Ironically, they are one of the largest sources of spam, phshing scams and worms in the United States. Thanks Earthlink! Get your fucking act together you morons. Take a few of those goddam leprechans and pink unicorns you have hanging around and replace your existing IT staff!! Filter port 25 so we don't have to deal with spam, worms, system probes and wasted bandwidth from your badly-managed networks!
Filtering port 25 takes a lot of the incentive out of creating a botnet. Everyone who really understands the dynamics of the spam/worm problem recognizes this.
Vigilantism is still against the law in this case. Computer tampering is computer tampering.
The solution to this problem is to put a few of these guys in jail. The solution is for the feds to get off their goddam lazy asses and prosecute these people. You don't poke around in someone's compromised computer, for good or evil.
What these people are doing is against the law and it has always been against the law. The problem we have is that the law enforcement authorities seem more obsessed with Tommy Cheech selling bongs online than they are real gangs of organized criminals who are interfering with commerce, privacy and national security. Go figure?!
Interesting reply, but I adamantely feel you're profoundly misguided by some sort of perverse, blind idealism, that "capitalism" is an end when it is merely a means.
Power corrupts. Corporations are the new example of this, and nowhere is the corruption of a society more evident than in pure capitalist societies where powerful, dominant corporate entities blatantly disregard the best interests of the people in favor of profit. At this point, your notion that people should be held accountable for their actions in allowing the bastardization of their interests is moot. Corporations control the media. The media controls what people think. At this point, the people are puppets. It's foolish that they are, but they no longer have the means to educate themselves to the true nature of the dynamics at play, nor are they even aware of the degree to which they can affect change. This is like condemning some tribe in Africa because they haven't invented and implemented electricity. It's not something that occurs to them due to the environment in which they're in.
I agree with others here. Capitalism is a disease, masquerading as some sort of solution. And coincedentally, those promoting the goofball notion that capitalism is a great thing are those who endeavor to profit at the exploitation and ignorance of others... and you want to keep people in ignorance and then blame them for their ignorance?
Suffice to say there's always been mediocre content.
However, if you look at mainstream media: news, music and radio stations, movies and television shows, you CONSISTENTLY find that the best produced products, in virtually EVERY GENRE are mostly outside the edges of commercial media. From HBO to Comedy Central, to most musical acts that are on mainstream radio sucking huge and all sounding like the same whiny gen-x'er losers who are using the same music production software to compress the shit out the tracks done by samples and session guys. It's all shit mainly. You are right about one thing... all the good stuff is out [of the mainstream] comfort zone.
I like your diatribe, however, ironically, you are part of the problem, like in a larger sense, all of us are.
You have a gmail address. You use the services of these big companies. The consolidation of corporate America into a small OPEC-like coalition of PACs is what allowed the eradication of the Fairness Doctrine to go down in the 80s without even a whimper, the emasculation of journalists and political candidates, bringing about the scenario where the people don't feel they have much power to effect change or stand up for their rights. And ultimately, merely as a symptom of its submission to big business, your fixation with Government's negligence in protecting the rights of the people.
If you want to really fix things. You have to stop feeding the behemoths. Microsoft, Comcast, Google, Fox, Time-Warner, Sony, Wal-Mart, Clear Channel, etc. The bigger these companies become, the less chance any of us have of protecting our individual rights.
When you're dealing with small companies, you're dealing with people who are more in touch with their nature of their business, industry and their customers. When you deal with big corporations, it's a hyper-detached hierarchy of people whose primary concern has nothing to do with fairness and everything to do with keeping their job. Google's decision to fight "for the privacy of their customers" is a load of bullshit. It was strictly a PR move. If Google really respected their customers' privacy, they wouldn't retain personal information indefinitely, so it is an inevitability that Google will eventually, completely compromise the trust and privacy of their clientele. The bigger the company becomes, the less authority anyone has with any conscience to "to the right thing." Look at history. You will not find a single example of any entity with market share or absolute power that didn't end up completely corrupted. Why people think that Google will be any different, or their surprise at the government's inconsistent motives, is a testimonial to how naive our society has become.
If you don't like the direction in which things are going, then don't feed the beast.
With all due respect, I call bullshit. There are plenty of ISPs who have better things to do than archive users' e-mail correspondence. Some of us actually respect our customers' privacy. We may take snapshots of the servers and there may current mailbox contents, but there are lots of ISPs out there that delete web and e-mail logs and archives after a suitable period.
IMO, it is more suspicious if you keep unnecessary data around, as if it can be used as a weapon later. Would you record all your phone calls in case you needed to use these recordings later? Wouldn't that make you more suspicious than not?
This is a great example of why it's so much better to use a small/regional ISP for mail and other services. They really do respect customers' privacy and they don't have the resources to archive customer data. It goes without saying, "Nothing is free" and this is a good example of that.
Your formula works on everything from the Segway to just about every bill the Bush administration has pushed through congress on the premise it will do X or Y.
I have idea for Verizon. Why don't they use some new tech, old tech, or any goddam tech, to stop the overwhelming array of spam originating from zombie PCs in their netblocks? How much shit do we have to put up with before Verizon gets off their lazy asses and stops polluting the net!
AOL and other ISPs have taken aggressive and extremely effective approaches by filtering port 25 traffic on their networks. As a result, the spam and zombie activity from their customers has dropped off dramatically. ISPs like Comcast and Verizon still have yet to do this and they're a major source of internet pollution.
Until Verizon controls the illegal activity of their users, I urge all system administrators to block all port 25 traffic from Verizon IP blocks such as:
Slashdot Mirror
Thanks very much for the info. I really appreciate it!
Add the Netcraft Toolbar to your browser and not only will you have information on each site you visit on-screen, but it also blocks access to known phishing sites.
Thanks for the info. I'm going to look into it.
My setup is probably somewhat standard. I'm curious how it fits into a Postfix setup.
With sendmail you have several different config file/systems:
1. RBLs
2. local-host-names
3. aliases
4. virtusertable (why 3-4 aren't consolidated is a good example of where sendmail is problemmatic)
5. access table
How does Postfix handle these items?
There are many things about Sendmail that bother me. Most notably is the lack of respect for domain-specific user accounts. I.e. if you have a user account of "office", without explicit redirects for other hosts on the mailserver, office@ any domain on your server will go to that account. Does Postfix handle that scenario differently? Does it require each account name to be implicit?
Also, how would you use the access table feature in Postfix? If you want to hard-code hosts you will/will-not accept mail from?
I suspect the 2004 Cadillac Deville Limo could be considered evidence of insanity in a subsequent appeal.
Guys, next round is on me!
I'm using Dotster. I have had good experiences with them. With one exception. We had an outage in the wake of Katrina and Dotster seemed overly liberal about letting a few clients take control of their domains without making any contact with us even though I was listed as admin and tech contact. As a result, when we lit back up, these clients went dark. I think the folks at Dotster freaked out after Hurricane Katrina and folded to any group calling them up saying, "Our web site is down, give us access!" I am hoping that won't happen again.
Doh!
Sorry... didn't mean to dis Hyundai... maybe I'm wrong about them.. I probably meant to use Yugo.
I couldn't have expressed it better myself. When all the hooplah about Qmail surfaced many years ago, I jumped on the bandwagon. It was fast, but the software is, in a word, arrogant as hell. It expects to be set up a specific way, which is not a prerequisite for the max efficiency, security or compatibility it purpports to claim.
I seem to recall reading the manual where it said something like, "If you don't understand how to set this program up, use another MTA."
I tried to move from Sendmail to Qmail a few years back and the author laughed in my face when I suggested he make the system work with a centrally located /var/mail. I'd always admired the speed of the system, but if you're running server that doesn't have a bunch of users with shell access, the central mail directory works fine, but Qmail is a bit too troublesome to hack to get running right.
I haven't tried Postfix. How easy is it to drop Postfix into an existing Sendmail installation? Is there any info on that transition? Is there anything that Sendmail does much better than Postfix?
When you take time to update Sendmail, also consider adding some hard coded relay blacklist entries. This is an access-based RBL that hangs up on known broadband DUL space containing zombies. A nice addition to a well tweaked Sendmail setup.
Otto,
If you think flirting with the law will make things better, go for it. I don't have a problem with that.
However, you might want to look at history and recognize the fact that vigilantes have historically tended to be prosecuted more often than those whom they fight against. I'm just being realistic here. If I thought vigilantism would actually be effective, I might suggest it because trust me, I hate spam even more than you do.
Now if you want to launch a one-man attack against all botnets on the planet, you have my support. If you want to launch a program that will wipe the hard drive of any zombie computer clean, I will spend my money to fly out and hold up a picket sign at your computer tampering trial. I promise. Go for it!
btw, are you the otto on EE?
In my 12 years of working on the Internet, no registrar with the possible exception of Network Solutions has caused more wholesale heartache for legitimate customers than Godaddy. They are the biggest bunch of sleazebags on the planet. At least NSI had an excuse... they had monopoly power early on and exploited it. GoDaddy came out of the gate with the intention to defraud, mislead and exploit consumers. Every time I have a client who is using them, my immediate response is, "Oh Fuck!" That's how much they suck. That's how difficult it is to get any decent amount of customer service; that's how much bullshit I have to go through in order to get my client domains operating properly. There is no worse domain registrar on the planet in my opinion than GoDaddy. If you're a total moron, you use GoDaddy. That's it plain and simple. There are no people who disagree with me; there are merely people who haven't been screwed over yet, and will be eventually. That's the GoDaddy creedo that they haven't figured out.
Please to let me say I told you so. If you're smart you won't deal with Godaddy. I have no incentive to say this beyond the fact that my many years of trouble and torment from these jerkwads forces me to not even wish upon my worst enemy, the sleaziness that is their operation.
You're right. Godaddy is not suddenly the bad guy.
They've been the bad guy for ages.
I would sooner have my fingernails pulled out with a rusty pair of pliers than EVER do business with Godaddy.
This makes perfect sense for anyone who's had experience with both Godaddy and Microsoft products. This is good news for those of us who want more stability and performance in our offerings. It's even easier to steer clear of these monstrosities. Now let's see if we can get Hyundai and Network Solutions to team up.
AOL had a very simple approach: use port 587 instead of 25. As a result of their bold and aggressive move, most e-mail clients now have easy ways to change the smtp port if they didn't already.
;p Not my fault you guys SUCK.
Obviously, someone who works at Verizon or Earthlink modded me down
Most botnets are used for spamming. An analysis of the majority of inbound spam clearly shows most of the traffic coming from unauthorized SMTP relays set up in broadband IP space. The main advantage to setting up botnets is to do mass-mailing from a large pool of IP addresses that have the best chance of getting around RBLs. Spamming is the primary revenue source for botnets and also the primary manner in which machines are infected.
Some ISP recognize this issue and are dealing with it. Some are not.
The solution is very simple: filter port 25 traffic from broadband IP space.
Let me repeat this, because it's real simple.. it's so goddam simple that we're now to a point where any ISP that doesn't do this should be considered grossly negligent and a spammer themselves.
Some ISPs are responsible and some are not. AOL is a good example. AOL started filtering port 25 traffic and this has a dramatic effect on the security of their clients, the performance of their network and the overall safety of the Internet at large. Other ISPs are working on this too, like Bellsouth. These are the good ISPs who recognize that this simple solution can create a dramatic reduction in botnet propagation and spamming.
On the other hand, you still have many ISPs who don't seem to give a shit and are part of the problem. I'm not talking about the foreign ISPs... we know they're irresponsible. TDE, Brazil, China, Korea... it's easier to just wholesale block their IP ranges, but domestic ISPs like EARTHLINK and Verizon continue to be a major source of spam and botnet propagation.
Earthlink particularly annoys me because they constantly advertise how great they are at keeping spam and viruses out. Ironically, they are one of the largest sources of spam, phshing scams and worms in the United States. Thanks Earthlink! Get your fucking act together you morons. Take a few of those goddam leprechans and pink unicorns you have hanging around and replace your existing IT staff!! Filter port 25 so we don't have to deal with spam, worms, system probes and wasted bandwidth from your badly-managed networks!
Filtering port 25 takes a lot of the incentive out of creating a botnet. Everyone who really understands the dynamics of the spam/worm problem recognizes this.
Vigilantism is still against the law in this case. Computer tampering is computer tampering.
The solution to this problem is to put a few of these guys in jail. The solution is for the feds to get off their goddam lazy asses and prosecute these people. You don't poke around in someone's compromised computer, for good or evil.
What these people are doing is against the law and it has always been against the law. The problem we have is that the law enforcement authorities seem more obsessed with Tommy Cheech selling bongs online than they are real gangs of organized criminals who are interfering with commerce, privacy and national security. Go figure?!
Interesting reply, but I adamantely feel you're profoundly misguided by some sort of perverse, blind idealism, that "capitalism" is an end when it is merely a means.
Power corrupts. Corporations are the new example of this, and nowhere is the corruption of a society more evident than in pure capitalist societies where powerful, dominant corporate entities blatantly disregard the best interests of the people in favor of profit. At this point, your notion that people should be held accountable for their actions in allowing the bastardization of their interests is moot. Corporations control the media. The media controls what people think. At this point, the people are puppets. It's foolish that they are, but they no longer have the means to educate themselves to the true nature of the dynamics at play, nor are they even aware of the degree to which they can affect change. This is like condemning some tribe in Africa because they haven't invented and implemented electricity. It's not something that occurs to them due to the environment in which they're in.
I agree with others here. Capitalism is a disease, masquerading as some sort of solution. And coincedentally, those promoting the goofball notion that capitalism is a great thing are those who endeavor to profit at the exploitation and ignorance of others... and you want to keep people in ignorance and then blame them for their ignorance?
Suffice to say there's always been mediocre content.
However, if you look at mainstream media: news, music and radio stations, movies and television shows, you CONSISTENTLY find that the best produced products, in virtually EVERY GENRE are mostly outside the edges of commercial media. From HBO to Comedy Central, to most musical acts that are on mainstream radio sucking huge and all sounding like the same whiny gen-x'er losers who are using the same music production software to compress the shit out the tracks done by samples and session guys. It's all shit mainly. You are right about one thing... all the good stuff is out [of the mainstream] comfort zone.
I like your diatribe, however, ironically, you are part of the problem, like in a larger sense, all of us are.
You have a gmail address. You use the services of these big companies. The consolidation of corporate America into a small OPEC-like coalition of PACs is what allowed the eradication of the Fairness Doctrine to go down in the 80s without even a whimper, the emasculation of journalists and political candidates, bringing about the scenario where the people don't feel they have much power to effect change or stand up for their rights. And ultimately, merely as a symptom of its submission to big business, your fixation with Government's negligence in protecting the rights of the people.
If you want to really fix things. You have to stop feeding the behemoths. Microsoft, Comcast, Google, Fox, Time-Warner, Sony, Wal-Mart, Clear Channel, etc. The bigger these companies become, the less chance any of us have of protecting our individual rights.
When you're dealing with small companies, you're dealing with people who are more in touch with their nature of their business, industry and their customers. When you deal with big corporations, it's a hyper-detached hierarchy of people whose primary concern has nothing to do with fairness and everything to do with keeping their job. Google's decision to fight "for the privacy of their customers" is a load of bullshit. It was strictly a PR move. If Google really respected their customers' privacy, they wouldn't retain personal information indefinitely, so it is an inevitability that Google will eventually, completely compromise the trust and privacy of their clientele. The bigger the company becomes, the less authority anyone has with any conscience to "to the right thing." Look at history. You will not find a single example of any entity with market share or absolute power that didn't end up completely corrupted. Why people think that Google will be any different, or their surprise at the government's inconsistent motives, is a testimonial to how naive our society has become.
If you don't like the direction in which things are going, then don't feed the beast.
The irony is that most of today's media: games and movies aren't worth playing/watching, much less making back-up copies.
With all due respect, I call bullshit. There are plenty of ISPs who have better things to do than archive users' e-mail correspondence. Some of us actually respect our customers' privacy. We may take snapshots of the servers and there may current mailbox contents, but there are lots of ISPs out there that delete web and e-mail logs and archives after a suitable period.
IMO, it is more suspicious if you keep unnecessary data around, as if it can be used as a weapon later. Would you record all your phone calls in case you needed to use these recordings later? Wouldn't that make you more suspicious than not?
This is a great example of why it's so much better to use a small/regional ISP for mail and other services. They really do respect customers' privacy and they don't have the resources to archive customer data. It goes without saying, "Nothing is free" and this is a good example of that.
Go with the small ISPs and you will be secure.
Your formula works on everything from the Segway to just about every bill the Bush administration has pushed through congress on the premise it will do X or Y.
I have idea for Verizon. Why don't they use some new tech, old tech, or any goddam tech, to stop the overwhelming array of spam originating from zombie PCs in their netblocks? How much shit do we have to put up with before Verizon gets off their lazy asses and stops polluting the net!
AOL and other ISPs have taken aggressive and extremely effective approaches by filtering port 25 traffic on their networks. As a result, the spam and zombie activity from their customers has dropped off dramatically. ISPs like Comcast and Verizon still have yet to do this and they're a major source of internet pollution.
Until Verizon controls the illegal activity of their users, I urge all system administrators to block all port 25 traffic from Verizon IP blocks such as:
68.160.* * - 68.170+
70.16.*.* - 70.23.*.*
70.104.*.* - 70.124.*.*
71.100.*.* - 71.251.*.*
141.150.*.* - 141.158.*.*
151.199.*.* - 151.200.*.*
etc.
Screw you Verizon. Control your idiot users!