June 2005


Back in August 2004, I wrote an article that outlined my spam/virus mail server configuration. Through the use of quality realtime-dns-blacklists, spam assassin w/custom rules, proper SMTP handshake policy and clam-av virus scanning — I was able to create a solution that worked REALLY well.

While these techniques are still used and still able to produce quality results — sometimes that's just not good enough. As a result, more and more spam has been slipping through the cracks — a run-down of the issues:

1. Realtime-DNS-Blacklists — great when you have a known mail server that is responsible for huge amounts of spam. But over the past year, the rate at which Windows machines have been compromised has increased significantly. These “zombie” machines have started to be activated and have started pushing out spam. These spam messages are sent either directly from the compromised computer (if the ISP keeps port 25 open) or via the ISP’s mail servers. Given the huge number of compromised Windows machines, this has quite handily defeated this type of protection: the sending hosts are too many and too short-lived to be listed.

2. Content-based filtering (SpamAssassin) — SpamAssassin is good, but it's a sitting duck. It is easy to test against, and given its popularity, many spammers will craft emails that are able to pass SpamAssassin’s filters (or at least minimize the score a spam message will receive). As a result, these types of spam messages have been getting past the filters on a more regular basis.

3. Viruses (ClamAV) — still doing a great job. :) The team behind ClamAV gets my highest regards! I have been able to cancel expensive commercial antivirus subscriptions and had no qualms about touting the virtues of ClamAV to the competition's sales reps :) The use of ClamAV has expanded tremendously since I first used it, and the team has been innovative in getting updates pushed out in a very timely manner (much faster than the competition).

So what's the solution? Perhaps the latest addition to the chain: greylisting.

What is Greylisting?
Greylisting is the practice of temporarily rejecting email from senders that are not yet on the filter’s “whitelist”. It works quite high in the chain of events (I’ve placed it behind the SMTP HELO filters and in front of the DNS RBL filters; see the previous article for additional info).

As a result the SMTP conversation goes something like this:

Connected to domain.tld.
Escape character is ‘^]’.
220 domain.tld ESMTP Postfix
HELO mydomain.tld
250 domain.tld
MAIL FROM:
250 Ok
RCPT TO:
450 : Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/domain.tld.html)
221 Bye
Connection closed by foreign host.

As you can see, once the sender and recipient are known, this information is passed to the greylist filter, which compares it against an internal database. If the sender is not in the database, the filter does a temporary reject (error code 450) and makes a note of the attempt in the database. If the same sender retries within 300 seconds, it will continue to be rejected. If the same sender attempts to transmit after 300 seconds, the transmission is allowed to proceed.

So what's the big deal? Most spammers use specialized mail-sending routines to get as many emails sent as quickly as possible. As a result, if an email gets rejected, instead of having a queue that retries the transmission, they will most likely simply discard the email and not retry. Legitimate mail servers are more concerned with getting the email delivered, and a temporary error code is not uncommon (i.e. an exceeded quota, too many connections, no disk space or other conditions might all result in a temporary rejection), so they will retry later.

As a result, legitimate emails get delivered (eventually) while spam emails get rejected without significant resource usage on the mail server. Brilliant!

According to various sites on the Internet, the use of a greylist is VERY effective. While there are some downsides (such as a remote mail server not handling temporary rejections properly), these are minimized by many greylist filters providing a default list of known non-compliant services. In addition, most filters (including postgrey, the one I am currently evaluating) provide a link describing why an email was rejected and how to fix the issue.
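To make the mechanism described above concrete, here is an added example (not code from the article and not postgrey's own code) of the greylisting decision as a Postfix SMTPD policy server would make it: the first attempt for an unknown triplet is deferred, retries inside the 300-second window are still deferred, and a retry after the window passes and whitelists the triplet. The request format (name=value lines ending in a blank line, attributes such as sender, recipient and client_address) and the DEFER_IF_PERMIT / DUNNO actions are Postfix's real policy protocol; keying on the client address together with sender and recipient follows postgrey's approach. The exact reply wording, the addresses and the fake clock are constructed for the example.

```python
"""Greylisting decision logic in the style of a Postfix policy server.

Added example; not code from the original article or from postgrey.
The reply wording and the sample addresses below are assumptions.
"""
import time

GREYLIST_DELAY = 300  # seconds; matches the "Greylisted for 300 seconds" reply on the page
HELP_URL = "http://isg.ee.ethz.ch/tools/postgrey/help/domain.tld.html"  # URL shown on the page


def parse_policy_request(raw):
    """Parse one Postfix SMTPD policy delegation request.

    Postfix sends 'name=value' lines terminated by an empty line. The
    attribute names read here (sender, recipient, client_address) are the
    real Postfix attribute names.
    """
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}  # triplet -> time of the first (deferred) attempt
        self.passed = set()   # triplets that completed a retry and are now whitelisted

    def decide(self, client, sender, recipient):
        """Return the Postfix policy action for one delivery attempt."""
        key = (client, sender.lower(), recipient.lower())
        now = self.clock()
        if key in self.passed:
            return "DUNNO"  # no opinion; the rest of the restriction chain decides
        first = self.first_seen.get(key)
        if first is None:
            self.first_seen[key] = now
            return self._defer(self.delay)
        waited = now - first
        if waited < self.delay:
            return self._defer(int(self.delay - waited))
        # The sender queued and retried like a real MTA: let it through from now on.
        self.passed.add(key)
        del self.first_seen[key]
        return "DUNNO"

    def _defer(self, seconds):
        # DEFER_IF_PERMIT makes Postfix answer 450 only if no later restriction
        # rejects the message outright, so real rejects are not delayed.
        return "DEFER_IF_PERMIT Greylisted for %d seconds (see %s)" % (seconds, HELP_URL)

    def handle(self, raw):
        """Turn one raw policy request into the 'action=...' response Postfix expects."""
        a = parse_policy_request(raw)
        action = self.decide(a.get("client_address", ""), a.get("sender", ""), a.get("recipient", ""))
        return "action=%s\n\n" % action


class FakeClock:
    """Constructed deterministic clock so the scenario below is reproducible."""
    def __init__(self, start=0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate():
    """A legitimate MTA that retries versus a bot that never does (constructed scenario)."""
    clock = FakeClock()
    gl = Greylist(clock=clock.now)
    req = "request=smtpd_access_policy\nsender=%s\nrecipient=%s\nclient_address=%s\n\n"
    mta = req % ("alice@example.org", "bob@domain.tld", "192.0.2.10")
    bot = req % ("bulk@example.net", "bob@domain.tld", "198.51.100.7")
    results = {}
    results["mta-first"] = gl.handle(mta)   # unknown triplet: 450, clock starts
    results["bot"] = gl.handle(bot)         # also 450; the bot simply moves on
    clock.advance(120)
    results["mta-early"] = gl.handle(mta)   # retry too soon: still deferred, 180 s left
    clock.advance(240)
    results["mta-retry"] = gl.handle(mta)   # 360 s after first attempt: accepted
    results["mta-again"] = gl.handle(mta)   # now whitelisted, accepted immediately
    return results


if __name__ == "__main__":
    for label, response in simulate().items():
        print(label, "->", response.strip())
```

The bot's single deferred attempt costs the server nothing beyond one database entry, which is exactly the asymmetry the article relies on; a production filter would also expire stale entries and carry the list of known non-compliant senders mentioned above.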

After announcing that the majority of the major features of Longhorn would either not ship with Longhorn or be significantly reduced in functionality, Microsoft has announced a NEW feature!

Apparently the “future” is RSS, or “Really Simple Syndication”, a technology originally developed by Netscape in 1999. RSS defines a standardized XML format for publishing content. This format has been integrated into many open source tools such as the Mozilla Suite, Firefox, lots of open source blogs, calendars and news systems, and most recently is tightly integrated with KDE via Konqueror, Akregator and other core technologies.

Perhaps if you want to see today the features Longhorn and future Microsoft operating systems will provide, it's best to install KDE? hehehe..

The 25th Top500 list was released today at the 20th International Supercomputer Conference in Heidelberg, Germany. I found an interesting link that showed many pictures of the SystemX install, ranked 14th supercomputer on the new list.

AMD and the chip wars..

AMD still leads in performance. Their new FX-57 chip — their fastest single core chip available — simply kills the fastest Intel chips. With AMD already talking about quad-core Opteron chips and Intel still trying to catch up, it appears that Apple will still be behind in performance even after going “Intel Inside” next year. Though I suppose it *might* be interesting to see a dual quad-core processor config in their high-end machines (let's see .. 3.8GHz x 8 = 30.4GHz of Photoshop power! :)

Insecure Security

The security companies finally out-did themselves. According to BusinessWeek there are officially MORE critical security issues in security software than in Microsoft products. Granted, most Microsofties will be running LESS “security” software (i.e. you wouldn’t be running F-Prot, Symantec and McAfee on the same system), so their Microsoft software still makes their system more vulnerable .. but still…. Isn’t it about time we just kill Windows? The fact that people still load Windows up on their home computers, store financial information and other sensitive information on these machines and do not see malware as a concern truly makes me think we should REQUIRE people who want to put their Windows machines online to pass an exam (or get their heads examined). The fact that Microsoft still releases Windows XP Home with the default user as administrator is inexcusable.

KDE Going Windows

A team is working on porting KDE to Windows. After TrollTech released a GPL version of their core toolkit for Windows, it was only a matter of time before the KDE environment was ported. Once this project is complete, it will provide a substantive bridge for those wanting to transition to a non-Windows OS. Windows users will have access to a wide variety of GPL software including Kontact (PIM), KMail (mail client), Kopete (instant messenger), JuK (great jukebox/ID3 tag editor), Amarok (great music player for those that like pretty pictures), KOffice, Konqueror (perhaps the most advanced file manager in existence) and the huge array of other KDE apps.

OpenUsability.org

The OpenUsability team is focused on assisting open source developers to enhance the usability of their applications. The team got together with the KPDF team to enhance the native-KDE PDF viewer application. This type of interaction is great. It provides developers with much needed insight as to how their programs are being used and how to enhance the interfaces of their programs to make them more usable.

Well, it's now official.. the third big transition in the Macintosh line is going to be from the PowerPC chips to Intel chips.

Let's take a look at an Apple computer of today compared to an x86 system:

Industry Standard PCI/PCI-X System Bus
Industry Standard Dual Channel DDR Memory (PC3200)
Industry Standard AGP video
Industry Standard Firewire
Industry Standard USB 2.0
Industry Standard SATA Drives
Industry Standard IDE DVD/RW drive
Industry Standard Video Cards (nVidia/ATI)
Industry Standard Network (10/100/1000 Wired/802.11G Wireless)
Industry Standard Bluetooth connectivity
Industry Standard Sound (Optical In/Out, Analog In/Out)
Industry Standard Modem Port
Industry Standard Video Connectivity (DVI/Analog VGA)

Non-standard PowerPC G5 Processor/Motherboard
I *believe* non-standard Powersupply (different Motherboard connection)

So from a hardware point-of-view, by switching to Intel chips, ALL major components would be industry standard components. Personal computer hardware is widely considered a “commodity” and, as a result, carries thin profit margins.

Right now, I can go out and buy 1/2 gig of RAM for $20-$30, 160GB hard drives for $50, a 3.2GHz processor WITH motherboard for $189, 108Mbps wireless routers with cards for under $100 … well you get the point.. Big cost up front, tight margins — and undoubtedly, it will get tighter.

My point? Smart business dictates that either you lead as a hardware manufacturer and can dictate pricing, reposition the business, or die. I don’t see Apple as a strong hardware company. Sure, their software is great and tends to be the bleeding edge of innovation, but if you look at that list, their hardware is just the standard that can be found in pretty much any other box. It's commodity in a shiny case.

Over the past few years you have seen their ability to demand a premium dwindle to the point where nowadays they are price competitive — they are unable to demand the larger profit margins. In addition to this, they don’t have a chip that can adequately power low-end machines or laptops. This is a huge problem and most likely a driving factor in the decision to switch away from the PowerPC chip completely after many issues over its lifetime.

Ultimately I think Apple has decided to go software and services in a huge way. They beefed up their high-end software (Final Cut, Logic, Shake, etc..), continue to invest in their consumer/business software (Pages, Keynote, etc..) and continue to push their operating system to new standards of ease of use, functionality and productivity.

Maybe, just maybe, they have sufficiently built up their software and services portfolio to start to wind down the commodity hardware business. This might very well be their first step to that end — transition the software base to x86-64 and open up the backend to allow other OEMs to build Apple-qualified systems.

Return of the Clones, coming soon to a computer retailer near you. :) Hopefully this time around it will be much more rewarding than the mid-90’s… and get us back to a truly heterogeneous computing environment. :)