
Technical Blog

This blog will contain content related to Java, Seam, Security, my sites and projects, as well as other technical subjects I am interested in.

Comments and questions are welcome!

Archive for the ‘Spam’ Category

CAPTCHA with Seam in Three Minutes

Sunday, October 21st, 2007

Adding a CAPTCHA to a form using Seam is easy now that Seam is bundling jCaptcha.

The Seam documentation is good, and can be found in section 13.9 here:

http://docs.jboss.com/seam/2.0.0.CR2/reference/en/html/security.html#d0e7755

If you used seam-gen to create your project, you will need to make a few changes.

First, you need to modify your project's ant build script to deploy the captcha jar into your ear (or possibly .war). In the target "ear" of the build.xml file, you will find a list of many jar files being copied from your project's lib directory into the ear. Simply add the captcha jar to that list, like this:

<include name="lib/jcaptcha-all-1.0-RC6.jar"></include>

Now that the jar is deploying, you need to reference it in the application.xml file found under your project's resources/META-INF directory. Add this entry:

<module>
<ejb>lib/jcaptcha-all-1.0-RC6.jar</ejb>
</module>

If you used seam-gen you will find that the Seam Resource Servlet is already defined in your web.xml so the step defined in the documentation in section 13.9.1 is not necessary.


How to clean out your Postfix queues by sender

Tuesday, May 29th, 2007

This post is mostly to help me remember how to do this, if the situation arises again.

I just had a lot of mail back up on my server. The 10MinuteMail inbox was over 300 MB (usually it kept below a megabyte), Postfix's active queue was maxed out at 20,003 entries (why the 3, I don't know), and the incoming queue was another 20,000+. Basically everything was all backed up. I'm not 100% sure how this condition gets started. I've seen it a few times on my old server when super high volumes of incoming mail deliveries combined with other sites I host serving up high bandwidth to end users. This is the first time it's happened on the new server. It may be time to change out the domain that the 10MinuteMail e-mail addresses are using.

Regardless, using qshape I was able to identify a handful of from addresses (presumably either spammers or a cyclic bounce issue) which accounted for over 8,000 of the messages in the active queue. By using the following command I was able to purge just those messages from the queue:

mailq | awk '/^[0-9A-F][0-9A-F]*.*error\.mag2\.com$/ {print $1}' | tr -d '*!' | xargs -rn1 postsuper -d

Where error.mag2.com is the domain or from address whose messages you wish to delete. This works pretty well. I may whip up a bash script to handle this in the future.
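As an added example (not from the original post), here is one shape such a script could take: it tallies queued messages by envelope-sender domain and lists the queue IDs for one domain, comparing the domain as a literal string so that lookalike domains are not swept up. The sample queue listing and the function names are constructed for illustration, and it assumes short hexadecimal queue IDs, as the command above does.

```shell
# Constructed sample in mailq layout: queue ID ('*' = active, '!' = on hold),
# size, arrival time, envelope sender; reason and recipient lines follow.
sample_mailq() {
cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    2211 Tue May 29 10:00:01  bounce-1@error.mag2.com
                                         old1@example.org

B2C3D4E5F6     1930 Tue May 29 10:00:02  bounce-2@error.mag2.com
(connect to mx.example.org[192.0.2.1]:25: Connection timed out)
                                         old2@example.org

C3D4E5F6A7!    1544 Tue May 29 10:00:03  news@prjapanmail.jp
                                         old3@example.org

D4E5F6A7B8     3050 Tue May 29 10:00:04  alice@errorxmag2.com
                                         bob@example.org

E5F6A7B8C9      812 Tue May 29 10:00:05  MAILER-DAEMON
                                         carol@example.org

-- 9 Kbytes in 5 Requests.
EOF
}

# Print "count domain" per envelope-sender domain, busiest first
# (a rough stand-in for qshape -s, without the age buckets).
sender_domain_counts() {
  awk '/^[0-9A-F]+[*!]?[ \t]/ {
         n = split($7, part, "@")   # $7 is the sender on a queue-ID line
         dom = (n == 2) ? tolower(part[2]) : "(none)"   # bounces have no "@"
         count[dom]++
       }
       END { for (d in count) print count[d], d }' | sort -k1,1nr -k2,2
}

# Print queue IDs (status marker stripped) whose sender domain is exactly $1.
ids_for_sender_domain() {
  awk -v want="$1" '/^[0-9A-F]+[*!]?[ \t]/ {
         n = split($7, part, "@")
         if (n == 2 && tolower(part[2]) == tolower(want)) {
           id = $1; sub(/[*!]$/, "", id); print id
         }
       }'
}

# Dry run on the constructed sample: counts first, then IDs for one domain.
sample_mailq | sender_domain_counts
sample_mailq | ids_for_sender_domain error.mag2.com
```

On a live server, replace `sample_mailq` with `mailq`, review the printed IDs, and only then pipe them to `postsuper -d -`, which reads queue IDs from standard input.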

For reference, the worst offenders are:

  1. magerr.combzmail.jp
  2. prjapanmail.jp
  3. error.mag2.com
  4. accessmail.jp
  5. mayld.net

Why so many from Japan? I have no idea....

Spam

Sunday, December 24th, 2006

When I launched 10minutemail.com, tons of forum admins decried the idea. They screamed that it would let spammers on to their forums, and that they wouldn't sell e-mail lists to spammers, etc...

A month goes by, and let's see what we have. My server used to get around 200-300 e-mail a day. In the past week it averaged 20,000-30,000 e-mail a day. Virtually all of those were to old (expired) 10minutemail.com accounts. Presumably virtually all spam. 30,000 a day!?

This proves that the average person simply CAN'T trust a random site or forum with their real e-mail address. Are there some forums/sites that are trustworthy? Sure! Does the average net user have any ability to tell with certainty if a given site or forum will sell their e-mail address or spam them directly? Unfortunately not.

For me at least, this reiterates the usefulness of the service.

In order to save my server from the crushing spam, I've swapped out the e-mail domain to fificorp.com, and will continue to swap out the e-mail domain on a regular basis. This will serve two purposes. One, it will save my server from dying under the spam. Two, it will keep admins who block registrations by domain on their toes at least once a month.

Note: Fifi is my pet iguana.