Spam


Please Stop Using Yahoo Mail

Yahoo mail servers have been consistently delaying or rejecting e-mails for over a year. You can read about it here:

http://www.ahfx.net/weblog.php?article=107

Or just Google for “4.16.50”.

The short of it is that even with a low-volume personal mail server, with the correct SPF records, without running an open relay, without being blacklisted by ANY blacklist site/service, Yahoo still won’t deliver e-mail from you. And they aren’t responsive about addressing the problem.

So please, if you use Yahoo mail, switch to GMail. You’ll like it more, and more importantly, you’ll actually get e-mail people are trying to send you.

SPAM Filtering

I get a lot of SPAM. I’ve had the same e-mail address for 10 years, and I don’t hide it.

In general, I’m very happy with a combination of spamassassin running on the server, and OS X Mail.app’s SPAM filtering on the client. In order to avoid losing false positives I have a Junk folder (I use IMAP). Spamassassin re-writes the subject lines of the e-mails to be prefixed with “[SPAM]”. Mail.app sorts those messages into the Junk folder and marks them as read, just like it does with the messages it determines are SPAM.

The problem with this is that until Mail.app checks my inbox, all that SPAM is sitting there, in my inbox. This shows up on my iPhone, and webmail. Lately, I’ve been working from coffeeshops, outside, the kitchen, etc… with the net result being that my laptop is spending more and more time sleeping (hence: not running Mail.app). So my iPhone alerts me that I have 20 new e-mails, but they’re all SPAM.

So I decided to see if I could get spamassassin to not just mark SPAM, but also file it away in the Junk folder. While spamassassin can’t do this, procmail can.

I added this to my user’s ~/.procmailrc file:

# Mark spam as read
:0
* ^X-Spam-Status: Yes
{
	:0 fhw
	| formail -I"Status: RO"

	:0:
	mail/Junk
}

after my existing spamassassin invocation:

# Run everything through spamassassin
:0fw
| /usr/bin/spamassassin

That is a conditional rule, based on the X-Spam-Status header being set to Yes (which is set by spamassassin). It then executes two actions. The first uses formail to mark the e-mail as read. The second moves the mail into the Junk folder (I use mbox – if you use maildir you need to change this action to a slightly more complex one which you can Google for).

This works nicely. Now the SPAM found by spamassassin is marked as read, and moved into my Junk folder on the server, instead of waiting for Mail.app to do that.

However, once I got this working, the number of e-mails which slip by spamassassin to be caught by Mail.app began to bother me. With the old system, it really didn’t matter who caught the SPAM, as long as it was caught. With the new system, any SPAM not caught by spamassassin ended up polluting my inbox.

I discovered a couple of things. First, I installed razor and pyzor to help with scoring. I also increased the spamassassin scores of some ED drug rules in my spamassassin user_prefs:

score DRUG_ED_CAPS 15.00
score DRUGS_ERECTILE 10.00
score DRUG_ED_COMBO 10.00
score VIA_GAP_GRA 10.00
score NO_PRESCRIPTION 10.00

This helped, but by testing on individual items of spam which were being missed by spamassassin (culled from my Junk box, without the [SPAM] subject addition, i.e. those caught by Mail.app), using the following test command:

spamassassin -t -D < /tmp/spam

Where /tmp/spam is a file containing the raw message text from a single spam e-mail.

I discovered that the auto-whitelist (a misnomer, it's actually an automatic scoring system designed to allow past history to average out any score spikes from the same sender) was pushing the SPAM score DOWN on many of these e-mails, often past the spamassassin threshold, so they were mistakenly considered HAM instead of SPAM.

While the AWL can do some odd things, at least on my box it's clearly broken. Testing with a new SPAM mail, where the first run had zero input from the AWL rules, and the SPAM ended up with a SPAM score of 20 (which is definitely SPAM), I found that immediate subsequent runs against the SAME mail had the AWL contributing a -6.9 score, against the positive 20 SPAM score. Clearly, that's wrong. Why it was doing that, I don't know, so I just turned it off.

Again, in my spamassassin user_prefs:

use_auto_whitelist 0
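To check what the AWL row did to a single message's verdict before switching it off, the report printed by `spamassassin -t` can be parsed as below. This is an added example, not part of the original post; the function name, the verdict labels and the sample report (constructed, with made-up totals in the usual report layout) are assumptions.

```shell
#!/bin/sh
# Added example: measure what the AWL rule did to one message's score.
# Input: the stdout report of `spamassassin -t` (layout assumed as in the sample).

# Prints: "<total> <awl> <total-without-awl> <verdict>"
awl_effect() {
    awk '
        # Summary line: "Content analysis details:   (3.1 points, 5.0 required)"
        /^Content analysis details:/ {
            total = $4; sub(/^\(/, "", total); total = total + 0
            required = $6 + 0
        }
        # Rule rows are "<pts> <rule name> <description>"; pick the AWL row.
        $2 == "AWL" { awl = $1 + 0 }
        END {
            base = total - awl            # score before the AWL adjustment
            verdict = "unchanged"
            if (total <  required && base >= required) verdict = "awl-hid-spam"
            if (total >= required && base <  required) verdict = "awl-made-spam"
            printf "%.1f %.1f %.1f %s\n", total, awl, base, verdict
        }'
}

# Constructed sample report (not output from a real run).
sample_report() {
    cat <<'EOF'
Content analysis details:   (3.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
10.0 DRUGS_ERECTILE         (constructed row)
-6.9 AWL                    AWL: From: address is in the auto white-list
EOF
}

# Dry run on the sample: prints "3.1 -6.9 10.0 awl-hid-spam".
sample_report | awl_effect
```

On a real message, feed it with `spamassassin -t < /tmp/spam | awl_effect`.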

All is well. So far 100% of SPAM has been caught by spamassassin, on the server, tagged, marked as read, and moved into the Junk folder. With no false positives or false negatives.

So I'm happy.

CAPTCHA with Seam in Three Minutes

Adding a CAPTCHA to a form using Seam is easy now that Seam is bundling jCaptcha.

The Seam documentation is good, and can be found in section 13.9 here:

http://docs.jboss.com/seam/2.0.0.CR2/reference/en/html/security.html#d0e7755

If you used seam-gen to create your project, you will need to make a few changes.

First, you need to modify your project’s ant build script to deploy the captcha jar into your ear (or possibly .war). In the target “ear” of the build.xml file, you will find a list of many jar files being copied from your project’s lib directory into the ear. Simply add the captcha jar to that list, like this:

Now that the jar is deploying, you need to reference it in the application.xml file found under your project’s resources/META-INF directory. Add this entry:


lib/jcaptcha-all-1.0-RC6.jar

If you used seam-gen you will find that the Seam Resource Servlet is already defined in your web.xml so the step defined in the documentation in section 13.9.1 is not necessary.


How to clean out your postfix queues by sender

This post is mostly to help me remember how to do this, if the situation arises again.

I just had a lot of mail back up on my server. The 10MinuteMail inbox was over 300 MB (usually it kept below a megabyte), Postfix’s active queue was maxed out at 20,003 entries (why the 3, I don’t know), and the incoming queue was another 20,000+. Basically everything was all backed up. I’m not 100% sure how this condition gets started. I’ve seen it a few times on my old server when super high volumes of incoming mail deliveries combined with other sites I host serving up high bandwidth to end users. This is the first time it’s happened on the new server. It may be time to change out the domain that the 10MinuteMail e-mail addresses are using.

Regardless, using qshape I was able to identify a handful of from addresses (presumably either spammers or a cyclic bounce issue) which accounted for over 8,000 of the mail in the active queue. By using the following command I was able to purge out just those messages from the queue:

mailq | awk '/^[0-9A-F][0-9A-F]*.*error\.mag2\.com$/ {print $1}' | tr -d '*' | xargs -rn1 postsuper -d

Where error.mag2.com is the domain, or from address you wish to delete. This works pretty well. I may whip up a bash script to handle this in the future.
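One way such a script could look, as an added example that is not the author's own: it compares the envelope-sender domain exactly instead of by regex and separates listing the IDs from deleting them. The function names and the sample `mailq` listing (constructed, classic short-ID layout) are assumptions.

```shell
#!/bin/sh
# Added example: select Postfix queue IDs by exact envelope-sender domain.
# Assumes the classic `mailq` listing (ID, size, 4 date fields, sender).

# Read `mailq` output on stdin; print IDs whose sender domain equals $1.
sender_queue_ids() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        # Queue-entry header line: ID (optionally flagged * or !) + 6 fields.
        NF == 7 && $1 ~ /^[0-9A-Za-z]+[*!]?$/ {
            n = split($7, part, "@")          # domain = text after last @
            if (n > 1 && tolower(part[n]) == want) {
                id = $1
                sub(/[*!]$/, "", id)          # drop active/hold marker
                print id
            }
        }'
}

# Delete matching messages; `postsuper -d -` reads IDs from stdin.
# Not called here: review the list from sender_queue_ids first.
purge_sender_domain() {
    mailq | sender_queue_ids "$1" | postsuper -d -
}

# Constructed sample listing (not real queue data).
sample_mailq() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    2104 Mon Oct  8 10:15:01  bounce@error.mag2.com
                                         old1@example.com

B2C3D4E5F6     1830 Mon Oct  8 10:15:07  news@terror.mag2.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         someone@example.net

0F1E2D3C4B!    2211 Mon Oct  8 10:16:40  Bounce@ERROR.MAG2.COM
                                         old2@example.com

C3D4E5F6A7     1512 Mon Oct  8 10:17:02  friend@example.org
                                         reply@error.mag2.com

-- 7 Kbytes in 4 Requests.
EOF
}

# Dry run against the sample: prints A1B2C3D4E5 and 0F1E2D3C4B.
sample_mailq | sender_queue_ids error.mag2.com
```

The look-alike sender domain and the message merely addressed to error.mag2.com are left in the queue; only entries whose sender domain matches exactly are listed.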

For reference, the worst offenders are:

  1. magerr.combzmail.jp
  2. prjapanmail.jp
  3. error.mag2.com
  4. accessmail.jp
  5. mayld.net

Why so many from Japan? I have no idea….

Spam

When I launched 10minutemail.com, tons of forum admins decried the idea. They screamed that it would let spammers onto their forums, and that they wouldn’t sell e-mail lists to spammers, etc…

A month goes by, and let’s see what we have. My server used to get around 200-300 e-mails a day. In the past week it averaged 20,000-30,000 e-mails a day. Virtually all of those were to old (expired) 10minutemail.com accounts. Presumably virtually all spam. 30,000 a day!?

This proves that the average person simply CAN’T trust a random site or forum with their real e-mail address. Are there some forums/sites that are trustworthy? Sure! Does the average net user have any ability to tell with certainty if a given site or forum will sell their e-mail address or spam them directly? Unfortunately not.

For me at least, this reiterates the usefulness of the service.

In order to save my server from the crushing spam, I’ve swapped out the e-mail domain to fificorp.com, and will continue to swap out the e-mail domain on a regular basis. This will serve two purposes. One, it will save my server from dying under the spam. Two, it will keep admins who block registrations by domain on their toes at least once a month.

Note: Fifi is my pet iguana.