Category — Uncategorized

Having worked in networking for four years and systems for nigh on six, the last thing in the world I want is some ‘simple’ way to configure my iptables rules.

Having been a Fedora user since way back when it was Redhat 4.2, what I want is the Fedora / Redhat way of putting all of my rules into a single file and having the damn thing do an ‘iptables-restore’ from the file I create.

I finally got really irritated with ufw, went hunting for a solution and found the ‘iptables-persistent’ package within apt which does exactly what I want. Rather than the Fedora ‘/etc/sysconfig/iptables’ you have ‘/etc/iptables/rules’ which does exactly what I both want and expect.

Perhaps this Ubuntu thing isn’t all that bad after all, I’m just still learning how to smack it in the right way to make it do what I want though.

So I spent some time a long while back working out how to make my Squeeze Box Server / Squeeze Centre to work with the enforced web cache / proxy required by my previous ISP

What you’re looking for is the server.prefs file line:

webproxy: proxy.example.com:8080

This caused me some aggravation to find, so I hope it will help you.

If you’ve had your head in the sand for the last week, IronMan MkII goes live tomorrow evening!

See my original post at http://idn.per.ly/2010/04/03/12/ for the full low down.

We’ll be having an online hack on the IronMan code tomorrow night starting at around 19:00 BST and putting it live once we’re happy any show stopping issues are dealt
with.

Come and help out – we’ll be online at irc.perl.org in our very own
#northwestengland.pm

Remember that you don’t need to be an expert in the project or code to make valuable contributions in how things look and operate, features that we’ve missed or things that look a bit unfamiliar compared to the existing site.

The project todo list can be found at:

http://dev.catalyst.perl.org/repos/bast/ironman/branches/mk-ii/IronMan-Web/todo.pod

That’s right! T minus 7 days and counting for the new IronMan!

See my original post at http://idn.per.ly/2010/04/03/12/ for the full low down.

Seems I screwed up posting the original article, so apologies to those who saw it but were unable to read the contents when it was posted.

The time is nigh and soon it will be the first anniversary of the IronMan blogging project (18th April 2009).

The North West England Perl Mongers group have been working on a replacement codebase for IronMan since the December Hackday in 2009.  This will permit us to replace the existing Plagger installation with a Perlanet data gatherer along with a Catalyst based web UI that can host blog archives and improve the general usability of the site.

So let’s start by giving a link to the lightening talk I gave at the NWE.pm March 2010 technical meeting which details the system architecture and components.

So, if you missed it in the presentation, checkout the beta site. We’re looking to launch this site to the live IronMan site on the 14th of April 2010 and would appreciate comments and even patches if you’re so inclined (repository at http://dev.catalyst.perl.org/repos/bast/ironman/). It seems to be a social meeting for NWE.pm on the 15th of April so we’ll be having a small celebration of the release

Comments to #epo-ironman on irc.perl.org or indeed on this blog if that doesn’t take your fancy.

Further considerations and possible features:

• Language tagging of posts to enable filtering and possible translation (See comments here and also here)
• Archives of all posts (the future http://all.things.per.ly)
• Improved spam handling

Comments have been made regarding the competitive nature of IronMan. I’m sure that mst and mdk had comments about this and were talking about introducing a set of new badges for those who don’t wish to partake in the competition but still wish to have their blog aggregated or indeed archived may still do so.

Finally, I’d like to take a moment to say a big thankyou to a few people (in no particular order):

• Mark Keating (mdk)
• Matt Trout (mst)
• Iain …(iain)
• Graham …(grim)
• Carl … (fade)
• Oliver … (aCiD2)
• Jess Robinson (castaway)
• Dave Cross (davorg)
• YOUR_NAME_HERE (that’s my own very special way of thanking those I’ve missed, and also those who will volunteer… oh my, yes…)

So I’ve spent some time researching how to implement rejection of spam at different scores based on the recipients of a given message.

http://wiki.exim.org/ExiscanExamples#Having_multiple_content_scanning_profiles_for_several_users_or_domains

We didn’t like options A or B and option C isn’t sensible in this day and age.

Option D. For a given message, reject at the highest score for the given list of recipients. If a@example.com has a reject of 18, and b@example.com has a reject of 25 then a message sent to both will have a reject of 25. This isn’t ideal and it certainly doesn’t provide the detailed per user settings potentially available within spam assassin, but it’s certainly a reasonable compromise.

So, how do we do this?

Let’s define an expansion variable that we can re-use:


SPAM_REJECT_SCORE = ${lookup {${lc:$local_part@$domain}} lsearch* {/etc/spam-reject-scores} }


From this, we can see that we’re using a plain text aliases style file with a search for a default value if no match is found (that’s what the * does):


b@example.com: 25
*: 18


Now we add the following to the acl_smtp_rcpt (which may be called something different, find the ‘acl_smtp_rcpt =’ line in your config) ACL:


# If the acl_m0 isn't set, get the value from SPAM_REJECT_SCORE and set it.
accept condition = ${if def:acl_m0 {0}{1}}
set acl_m0 = SPAM_REJECT_SCORE

# If the SPAM_REJECT_SCORE value is higher than acl_m0, set it to the value from SPAM_REJECT_SCORE
accept set acl_m0 = ${if > {SPAM_REJECT_SCORE} {${acl_m0}} \
{SPAM_REJECT_SCORE} \
{${acl_m0}} \
}


Shiny! Now we need to do something with it to reject messages, so this is what I’ve got in my acl_smtp_data (which again might be named differently):


# Reject spam at high scores - value is an INTEGER!!!!
deny message = This message scored $spam_score spam points.
log_message = exceeded spam threshold with $spam_score points.
spam = nobody:true
condition = ${if >{$spam_score_int}{${eval:$acl_m0 * 10}}{1}{0}}


You’ll notice that the value is multiplied by 10 to turn it into an integer for comparison with the value returned by spam assassin. This bit me first time I tried to do this.

So testing should give you something like this:


[root@localhost ~]# exim -bh 209.85.229.17
..
220 localhost.localdomain ESMTP Exim 4.69 Tue, 23 Feb 2010 09:34:09 +0000
helo mail.google.com
250 localhost.localdomain Hello ww-in-f17.1e100.net [209.85.229.17]
MAIL FROM: bob@example.com
250 OK
RCPT TO: a@example.com
..
>>> processing "accept"
>>> check condition = ${if def:acl_m0 {0}{1}}
>>> = 1
>>> check set acl_m0 = ${lookup {${lc:$local_part@$domain}} lsearch* {/etc/spam-reject-scores} }
>>> = 18
>>> accept: condition test succeeded
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
Subject: !!!!!!PENIS ENLARGEMMENT!!!!11!!! cialis levitra soma
To: a@example.com
From: "Pammer, S"


Test SMTP session
GET YOUR VIAGRA HERE!!!!!!!!!! PORNOGRAPHY
see the attached file for details
viagra express Online Pharmacy No prescription needed No prescription needed
.
...
>>> processing "deny"
>>> check spam = nobody:true
>>> check condition = ${if >{$spam_score_int}{${eval:$acl_m0 * 10}}{1}{0}}
>>> = 1
>>> deny: condition test succeeded
>>> unspool_mbox(): unlinking '/var/spool/exim/scan/1NjrI5-0000FW-Ow/1NjrI5-0000FW-Ow.eml'
550 This message scored 20.4 spam points.
LOG: 1NjrI5-0000FW-Ow H=ww-in-f17.1e100.net (mail.google.com) [209.85.229.17] F= rejected after DATA: exceeded spam threshold with 20.4 points.


Similar test to b@example.com finishes with:


>>> processing "deny"
>>> check spam = nobody:true
>>> check condition = ${if >{$spam_score_int}{${eval:$acl_m0 * 10}}{1}{0}}
>>> = 0
>>> deny: condition test failed
>>> processing "accept"
>>> accept: condition test succeeded
>>> unspool_mbox(): unlinking '/var/spool/exim/scan/1NjrKA-0000FZ-Q8/1NjrKA-0000FZ-Q8.eml'
LOG: 1NjrKA-0000FZ-Q8 <= bob@example.com H=ww-in-f17.1e100.net (mail.google.com) [209.85.229.17] P=smtp S=1941 from for b@example.com
250 OK id=1NjrKA-0000FZ-Q8

**** SMTP testing: that is not a real message id!


No pink meat was harmed in the making of this post…..