Posts with this logo use 
Low-functioning pinhead...
June 29, 2003
The Spam Legacy
This is a slightly convoluted tale of spam and the troubles it causes.
SMTP AUTH is the standard for Authenticated SMTP. Back in the “old days,” email delivery was a cooperative process, with each mail server relaying mail onward to its destination. Then came the spammers, who exploited the “open” nature of SMTP to have other people’s mail servers deliver their spam. So mail servers had to be reconfigured to relay only for specific hosts, or for clients which properly authenticated themselves. Hence the need for SMTP AUTH.
When I first got my iBook, I wanted to set it up to use SMTP AUTH, with golem as the outgoing mail server. At the time, Mail.app’s SMTP AUTH support was broken. But, since MacOSX is Unix, that was no problem. I just told Mail.app that the mail server was localhost and configured sendmail on my iBook as a nullclient, using SMTP AUTH to forward all mail to golem.
Eventually, Apple fixed Mail.app’s SMTP AUTH support. But I kept using the above-mentioned system because it was more convenient. I could “send” emails while offline, and have sendmail queue them up for delivery as soon as I got back online. Worked great, and never gave me a lick of trouble.
Imagine my shock on this trip when I discovered that all of the emails I had “sent” out over the course of two days were still queued on the iBook. None had gone out, despite having a working DSL connection! The reason, it turned out, was that Covad DSL filters all outgoing traffic on port 25 (SMTP). Sendmail on the iBook kept trying to contact golem, but the connection kept timing out.
Why is Covad doing such a seemingly dumb thing? Because spamming technology has evolved. Another favourite spammer technique is to use a program which directly contacts the recipient’s mail server, bypassing the spammer’s ISP’s mail server (which might, say, limit the number of outgoing messages per second!). Instead of going after the spammer for violating Covad’s AUP, they decided to simply block all outgoing SMTP traffic. Spammers can’t send their “direct-to-MX” spam, but “roving” users like myself can’t contact their home mail server either.
What to do? Turns out it’s time to ditch sendmail, and reconfigure Mail.app to contact golem, not on port 25 (SMTP), which is blocked, but on port 587 (MSP) which, mercifully, Covad has left unblocked.
I post this hint because, even if you are doing everything right (using authentication, not running an open mail relay, …) you will eventually get screwed — if only indirectly — by the spammers. And I doubt that more than one person in a thousand knows that, in addition to listening as an MTA on port 25, sendmail also listens as an MSA on port 587.
P.S.: This post was composed with the latest version of Kung-Log, which uses the recently-released Webcore rendering engine (i.e. the same one used in Safari) for previewing. Sweet!
June 26, 2003
No Lawnmowers
That’s one of the long list of prohibited items in your checked luggage. With self-service check-in now standard, my conversation with the clerk at the American Airlines counter consisted of some exchanged hilarities about the laminated sheet of prohibited items (complete with little pictures).
I’m off to Palo Alto (on family business), and there’s no more high-tech experience that flying the Nerd Bird from Austin to San Jose. The woman next to me has a laptop, a cell phone, a Palm Pilot and a digital camera with a stack of SmartMedia and a USB cable — all operating simultaneously. To complete the look, she’s wearing a high-tech surgical mask.
Last night, I was using Google to do a little background research on MAO Inhibitors (not for me, thank God!). They inhibit the breakdown of tyramine, an amino acid present varying levels in a weird assortment of foods. Too much tyramine in your bloodstream can lead to a surge in blood pressure, brain hemorrhage and death. So folks using MAOIs have to be very careful. Interestingly, I found that the top-listed hits (and much of the most useful information) came from web sites selling (or extolling) shrooms. I’ll leave the organic chemistry involved in that little association as an exercise for the reader.
June 25, 2003
Random WWDC Thoughts
Watched Steve’s WWDC Keynote and, after the RDF wore off a bit, here are my thoughts:
- The G5 is a great relief. Thanks to IBM, Apple finally has a next-generation 64bit CPU to replace the aging G4 (without a hint of irony, I am writing this post on a G3-based iBook). And they’ve built a kick-ass system around it. What surprised me was the absence of a rack-mount version. They badly need this for the XServe II.
- NextStep redux. After all these years, the “FAX” button in the Print dialog box finally makes its triumphant reappearance. More amusing still, was the malarky surrounding the new Finder (“User-centric,” not “Computer-centric!”). I should reserve judgement until I can see 10.3 in action, but from the screen shots, it’s clear that the left-most column of the new Finder is a born-again version of the Shelf. Now, the Jaguar implementation of the same idea (as a toolbar) is next-to-useless, so this must surely be an improvement. But, since I was never much-enamored of Workspace.app (the NeXT name for the Finder), I am somewhat underwhelmed.
- iChat AV and the new iSight camera look really cool. I don’t do IM, but ad-hoc video-conferencing, now that’s a bandwidth killer I could get into.
- Otherwise, Pather (MacOSX 10.3) looks to be chock full of good features:
- Fast User Switching (I know XP has it first, but this is a slick implementation and the rest of the OS doesn’t suck.)
- On-the-fly directory encryption
- IPSec, FreeBSD 5.0, X11,…
They just keep churning out new features while the “rest” of the world waits patiently for Longhorn (which prompts one of the more amusing clips in the Keynote).
June 24, 2003
Safari 1.0
Safari 1.0 is out. Pretty darn good for a 1.0 release. It is not without CSS bugs though. Three happen to affect this blog:
overflow:autodoesn’t work right. The scrollbar obscures the text.list-style-position:insidedoesn’t work. The contents of the<li>overlap the numbers.border-collapse:collapsefor tables doesn’t work.
Here’s a little reduction to illustrate the first two problems. For the third, just look at the table in the previous blog entry (ignore Safari’s lack of MathML support).
I’m hoping Dave Hyatt is hard at work on Safari 1.1.