Archive for the ‘postfix’ tag
Gmail usage
You know all those privacy problems and conspiracy theories about Gmail. Thanks to hamid, I’ve got one. And I am using it the best possible way.
You don’t like to use it for your sensitive data or personal/work email? It’s excellent for subscribing to mailing lists. Though you cannot create folders, you can tag your mails based on subject or TO/FROM address. So you can label mails from different mailing lists and categorize them using labels. And that’s all.
I moved my high volume subscriptions to gmail which includes freebsd-current, freebsd-tinderbox, freebsd-fs, freebsd-hackers, freebsd-isp, sunmanagers and postfix-users.
I love Gmail.
SUN related links and Postfix
The reason that you see so many Sun related posts in this weblog recently is that I am doing some SUN related jobs these days. And I’ve gained a lot of invaluable experience with SunOS and stuff that I would like to share with you.
I have visited docs.sun.com several times but I haven’t dug into it thoroughly. Plenty of useful documentation on Solaris is available there in both online and downloadable formats.
The second good thing is Stokley’s Unix SysAdm Resources, especially the SUN section.
And finally the SUN BigAdmin portal has many good Solaris related articles for SysAdmins.
Apart from my SUN related work, I am also reading “Postfix: The Definitive Guide” by Kyle D. Dent from O’Reilly and Associates, which is an excellent book, and I really recommend it for Postfix lovers.
Another piece of news for Postfix lovers is that Wietse has released an updated set of documentation for the upcoming Postfix 2.1 software.
New type of Email: Gmail
I’m not going to tell you the story of the new Google Mail service again, since you’ve
all heard of it already.
But today I noticed that their website is accepting logins at gmail.com. And
their mail servers are also up and running:
[root@hpc:~]# host -t MX gmail.com
gmail.com mail is handled (pri=10) by gsmtp57.google.com
gmail.com mail is handled (pri=20) by gsmtp51.google.com
[root@hpc:~]# telnet gsmtp57.google.com 25
Trying 216.239.57.27...
Connected to gsmtp57.google.com.
Escape character is '^]'.
220 mx.gmail.com ESMTP
quit
221 mx.gmail.com closing connection
Connection closed by foreign host.
I didn’t test it thoroughly, but I don’t know why I feel they are running
Postfix (or maybe I am wrong). I don’t know anyone who has got one of those
gmails yet, but I am really interested in getting one.
RBLCheck script
Because of the high number of DDoS attacks on DNSBLs, which disable them temporarily or in some cases forever, I wrote the following simple Perl script. It checks the tail of the maillog file and reports any DNSBL lookup timeout it finds, so I can remove the blacklist from my configuration and prevent loss of email.
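#!/usr/bin/perl
use strict;
use warnings;

# Look for DNSBL lookup failures in the last 50 lines of the mail log.
my $out = qx(tail -n 50 /var/log/maillog | grep -i "lookup error:");
if (length $out)
{
    my $hostname = qx(hostname);
    my $date     = qx(date);
    # Pipe a short report to root through mail(1).
    open(my $mf, '|-', 'mail -s "RBLCheck Warning" root')
        or die "cannot run mail: $!";
    print $mf "Server: $hostname";
    print $mf "Date: $date";
    print $mf "maillog snippet:\n----------\n$out----------\n";
    close $mf;
}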
Notes:
1- This script emails a short report to root. It would be a good idea to change it to your own user.
2- I am not a Perl geek, but I love to code in Perl. If you think you can optimize this code, go ahead and do it.
3- I am using Postfix. You may need to check the lookup string if you are using other MTAs.
4- Depending on your mail server traffic, you may change the number of lines in tail. I check the last 50 lines.
5- I run this script every five minutes from cron. Again, depending on your mail traffic you may want to change this.
6- Suggestions? Post it to comments of this entry.
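To decide which blacklist to remove, it helps to know which DNSBL zone the failed lookups belong to. The following is an added example, not the author's script: it assumes Postfix's `warning: <query>: RBL lookup error: <reason>` log format, and the function name, zone names and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Postfix smtpd logs a failed DNSBL query as
#   warning: <query name>: RBL lookup error: <reason>
RBL_ERROR = re.compile(r"warning: (\S+): RBL lookup error:", re.IGNORECASE)

# Constructed sample maillog lines (documentation IPs, made-up DNSBL zones).
SAMPLE_LOG = [
    "Mar  3 10:01:07 mail postfix/smtpd[811]: warning: 7.2.0.192.bl.example.org: "
    "RBL lookup error: Host or domain name not found. Name service error for "
    "name=7.2.0.192.bl.example.org type=A: Host not found, try again",
    "Mar  3 10:01:09 mail postfix/smtpd[812]: connect from unknown[198.51.100.9]",
    "Mar  3 10:02:15 mail postfix/smtpd[811]: warning: 9.100.51.198.bl.example.org: "
    "RBL lookup error: Host or domain name not found. Name service error for "
    "name=9.100.51.198.bl.example.org type=A: Host not found, try again",
    "Mar  3 10:02:40 mail postfix/smtpd[815]: warning: 4.113.0.203.dnsbl.example.net: "
    "RBL lookup error: Host or domain name not found. Name service error for "
    "name=4.113.0.203.dnsbl.example.net type=A: Host not found, try again",
    "Mar  3 10:03:02 mail postfix/smtpd[815]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.4]: 554 Service unavailable; blocked using dnsbl.example.net",
]


def failing_zones(lines, configured_zones, threshold=2):
    """Count lookup errors per configured DNSBL zone and return the zones at or
    above threshold, so a single transient timeout does not trigger a report."""
    zones = sorted((z.lower().strip(".") for z in configured_zones),
                   key=len, reverse=True)  # longest first: sub-zones win
    counts = Counter()
    for line in lines:
        match = RBL_ERROR.search(line)
        if not match:
            continue
        query = match.group(1).lower().rstrip(".")
        # The query is <reversed client IP or sender domain>.<zone>, so the
        # zone is found by suffix match against the configured list.
        for zone in zones:
            if query == zone or query.endswith("." + zone):
                counts[zone] += 1
                break
        else:
            counts["unknown:" + query] += 1  # zone missing from the list
    return {zone: n for zone, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    configured = ["bl.example.org", "dnsbl.example.net"]  # assumed main.cf zones
    for zone, n in failing_zones(SAMPLE_LOG, configured).items():
        print(f"{zone}: {n} lookup errors")
```

Pass it the same zones that appear in your `reject_rbl_client` entries; matching by suffix also covers lookups whose left-hand side is not a reversed IPv4 address.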
Another tip to block spammers using Postfix
Steve Friedl has posted another useful tip to block spammers using Postfix.
It explains that spammers often do not specify their real hostname in the HELO or EHLO SMTP commands; they use YOUR address instead! So you can easily block them with some simple rules in Postfix that reject connections identifying themselves as you!
Read it here.
SOBIG worm attack analysis
I blocked the SOBIG.F worm on our mail server (Postfix on FreeBSD) using the header_checks feature in Postfix. This way we discard emails with specific subjects to reduce the worm's effect.
mail:~# zcat /var/log/maillog.* | grep -i sobig | wc -l
1022
1022 infected emails in a couple of days, for a not so busy mail server (say 1000 mails per day) is too much.
I wonder if anyone else has done such measurement on their mail traffic to see if they are receiving this high volume of infected emails.
