
Mail Server, Spam Blocking and firewalls

Dear Reader,

You may or may not know that I run a web hosting service and Internet design company in all of my spare time. This affords me the opportunity to do some interesting things like have long discussions on forums with other admins about the relative value of blocking spam at the firewall vs. the MTA. Thanks to Jeff Lasman, those of us who use DirectAdmin and exim have a new SPAM fighting tool, the SpamBlocker configuration file for exim. It’s a great piece of work. If you run exim, even if you don’t run DirectAdmin, it’s worth a read just to see all the good ideas in one place.

Jeff just recently released version 2.0 of the file and while discussing it, our attention turned to blocking spam at the firewall instead of at the MTA. Obviously, it takes fewer resources, but since a lot of spam comes from dynamic IP addresses (evil zombies) you don’t want to block those IPs from your server forever or eventually no one will be able to get to your site. Also, there are several problems that I’ve yet to overcome technically, not the least of which is that exim runs as a non-privileged user (as it should), which precludes it from executing iptables. So, for the moment, I’m left with a less than optimal but perfectly workable solution.

1 – You need Jeff’s SpamBlocker conf file for exim. If you don’t run DirectAdmin, you will have to modify it to suit your needs but it’s well worth the effort. If, however, you don’t want to start from scratch with a new conf file, this idea will work with just about any exim.conf file for 4.50 or better. (It may work with any version of exim 4.x but I’ve not tested it.)

It’s important at this point to say that before you implement this, make sure exim is working 100% and then back up your conf file. If nothing else, email it to yourself. It gives you a backup AND you know it’s working! :)

2 – Ok, so you have a working exim.conf file. Now let’s tinker with it. Somewhere in your acl_smtp_rcpt (in SpamBlocker it’s the check_recipient ACL) you need to put the following:

#
# Blatantly stolen from
# http://www.configserver.com/free/eximdeny.html
# Many props and thanks guys.
#
# If they added themselves to the file below, let's block them for Dict Scan!!!
deny  message        = Blocked because your address is being used for a dictionary attack.
      hosts          = /etc/exim_deny
      !hosts         = +relay_hosts
      !authenticated = *
      delay          = 150s
      log_message    = Blocked because of dictionary scan.

deny  message        = Max $rcpt_fail_count failed recipients allowed
      condition      = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
      condition      = ${run{/etc/dictscan.pl $sender_host_address}{1}{1}}
      !hosts         = +relay_hosts
      delay          = ${eval: ($rcpt_fail_count) * 30}s
      log_message    = Dictionary scan! $rcpt_fail_count failed recipient attempts

If you are using SpamBlocker like me, consider putting it below:

# accept mail to hostmaster in any local domain, regardless of source
accept  local_parts = hostmaster
        domains     = +local_domains

3 – Ok, save that. Now, download dictscan.pl and save it in your /etc dir. Make sure it is executable by the user account that your exim runs under.

4 – Create the file /etc/exim_deny and make sure that it is writable by the account that your exim runs under.

5 – Restart exim

At this point you should have a working solution. There are a couple of things you might want to do.

First, as Jeff pointed out, neither executables nor storage files should be in your /etc. Hey, I didn’t write it and I’ve been too lazy to change it up to this point. But he’s right and you should move the executable somewhere appropriate and the exim_deny file to somewhere in your /var directory.

Second, if you don’t watch it, exim_deny is just going to keep growing and growing. Since I hate manually editing files as much as the next guy I wrote a little php script to do it for me.

Download and save on your server as a php file. Make sure the reference to the php interpreter is correct and if you move the exim_deny file, change it here too. Now, after you run it a few times to make sure it works the way you want it to, drop it in your cron and forget it. Run it as often as you like. Hell, fire up PuTTY and run it in the middle of the day if you get bored. FWIW, I run it every night about 3 AM. (and if my boss is reading this, as far as you know I don’t run it in the middle of the day because as far as you know I’m not bored.) :)
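As an added example (not the dictscan.pl script or my PHP cleaner, neither of which is reproduced on this page), here is one way to keep the deny file from blocking dynamic addresses forever: stamp each entry when it is written and expire it by age. It assumes dictscan.pl's job is to append the offending address to the deny file, and it relies on exim ignoring everything after a # in a host-list file; the path, the `added=` comment format and the function names are made up for the example.

```python
import fcntl
import ipaddress
import time

DENY_FILE = "/var/spool/exim/exim_deny"  # assumed path (the post uses /etc/exim_deny)
MAX_AGE = 24 * 3600                      # assumed policy: forget an address after a day


def _parse(line):
    """Return (ip, added_epoch_or_None) for one deny-file line, or None if no IP."""
    host, _, comment = line.partition("#")
    try:
        ip = str(ipaddress.ip_address(host.strip()))
    except ValueError:
        return None
    try:
        return ip, int(comment.partition("added=")[2])
    except ValueError:
        return ip, None                  # bare-IP line written by an older script


def record(ip, path=DENY_FILE, now=None):
    """Append ip with a timestamp unless already listed; True if a line was added."""
    ip = str(ipaddress.ip_address(ip))   # ValueError on anything that is not an IP
    now = int(time.time() if now is None else now)
    with open(path, "a+") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)   # several SMTP sessions may report at once
        fh.seek(0)
        if ip in {e[0] for e in map(_parse, fh.read().splitlines()) if e}:
            return False
        fh.write(f"{ip}  # added={now}\n")
        return True


def prune(path=DENY_FILE, max_age=MAX_AGE, now=None):
    """Drop entries older than max_age seconds; return the addresses removed."""
    now = int(time.time() if now is None else now)
    removed, kept = [], []
    with open(path, "r+") as fh:         # rewritten in place: owner and mode survive
        fcntl.flock(fh, fcntl.LOCK_EX)
        for ip, added in filter(None, map(_parse, fh.read().splitlines())):
            added = now if added is None else added  # unstamped: clock starts now
            if now - added > max_age:
                removed.append(ip)
            else:
                kept.append(f"{ip}  # added={added}\n")
        fh.seek(0)
        fh.truncate()
        fh.writelines(kept)
    return removed
```

Lines that do not start with a valid IP address are dropped on the first prune, so keep hand-written notes out of the file.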

That’s it. Like I said, it’s not a perfect solution. Blocking the IP addresses at the firewall is a much more efficient solution, especially if you have a busy server that gets attacked a lot. But I present it here for you because it worked for me. I encourage you to drop me a line with any improvements. I’ll make sure to share them.

Until next time,

(l)(k)(bunny)

=C=

Fade Anything Technique Extended Edition 2.0

Dear Reader,

Ok, it’s finally done. Sorry it took so long but life intervenes. Here is my take on the wonderful code to fade things. You may have seen this technique in my previous blog entries. Or in some of the lesser known places like basecamp (who inspired the original author) or the original author’s page. No matter where you saw it, here is the WordPress plugin to let you use and abuse this effect in your blog.

A sample of the effects that can be used to annoy can be found here. The official project page can be found here. You can download the tar file here.

To install:

  1. Download the tarball to your wp-content directory.
  2. Untar. This will place wp-fatter.php in your plugins directory and fatter2.js in your wp-content directory.
  3. Move fatter2.js into your javascript directory. (Or wherever you keep your javascript files.)
  4. Activate the plugin
  5. From the Admin section of WordPress go to Options->FATtER. Check the options listed making sure they have the values you want. Pay careful attention to the location of the script. If this isn’t right, the effect won’t work. Once everything is correct, Click Update to commit the values to the database.
  6. Start using the effect. There are several examples in the .js file of how to call it, the easiest is to wrap a piece of text in a span tag with a unique ID (anything as long as it’s unique for the PAGE) and a class of “fade”.

I hope you enjoy using this as much as I did creating it. For those curious, I originally wrote this because when I would encode secret messages of undying love into blogs for wife v1.22 – the lovely and talented Kathy – she sometimes didn’t see them. So I had to make them a little less secret and a little more obvious.

Until next time,

(l)(k)(bunny)

=C=

Front-end vs. Back-end

Dear Reader,

I was reminded yesterday of a truth that I think too many developers forget. “The best back-end in the world is useless without a good front-end.”

I’m the first to admit that I’m a middle-tier and back-end programmer. I don’t do front-end interfaces well at all. So it’s natural for me to assume that the back-end is the most important part of the application. Let’s face it, a well executed class library is a thing of beauty. Everybody should be able to appreciate that; right? However, being married to a graphic designer (the lovely and talented Kathy) I am constantly reminded that this is only true when I’m writing shell scripts. (And possibly not even then.)
Well coded back-ends are great but without a usable interface, they just won’t get used.

I know it’s not a unique thought, I know I’m not the first one to have it. I also know that developers need to be reminded of it regularly.

Until next time,

(l)(k)(bunny)

=C=

Something to watch

Dear Reader,

YAML Ain’t Markup Language is a new data transport format that looks to be easy to use. It’s meant to supplant XML which is a bugger to program with. I’m not sure why I would want YAML over JSON. When working in JavaScript, JSON is just so elegant. I work in PHP on the back-end and JavaScript on the front-end, there are JSON implementations for both and it took me less than 10 minutes to get them both installed and passing info when I wrote my test app.

All that having been said, YAML is working closely with JSON to integrate the 2 formats so it could be that JSON morphs into YAML soon anyhow.

But anyhow…
(l)(k)(bunny)

=C=

AJAX Frameworks and toolsets. My initial thoughts.

Dear Reader,

Over the holidays I spent a lot of time researching AJAX. Being a PHP developer I looked at everything I saw through the glasses of “How well does this integrate with what I’m doing now?”

I’ve boiled all the frameworks, tool sets and class libraries I looked at down into 2 categories; 1) Back-end centric and 2) Front-end centric.
