I've had a sense recently that more spam than usual has been making its way through my mail server's filters, and I took the time tonight to figure out why. The result was interesting, a bit surprising, and in hindsight not altogether unexpected.
Like any decent run-of-the-mill mail admin nowadays, I run SpamAssassin as a primary line of defence against incoming junk. Casual spot checks of the headers on recent messages had revealed nothing out of the ordinary — all had spam scores assigned, and all fell below the configured threshold. Yet with messages so obviously spammy, and especially arriving in groups with unusual regularity, something was obviously amiss.
Looking more closely at the tests reported in the X-Spam-Status headers, one caught my eye: RCVD_IN_DNSWL_HI. Guessing that "WL" meant "whitelist", and confirming that this match was responsible for adding −5.0 to the spam score (thereby reducing it), I visited the DNSWL lookup page and manually checked every IP address in the Received headers of one piece of spam in order to determine which rogue relay was incorrectly reported as good.
To my surprise, none was listed. I checked those from a different message, and found the same. I verified these results by doing manual DNS lookups with the "host" command on my Mac. None of the servers that handled these messages was registered in this whitelist, yet SpamAssassin was repeatedly hitting a positive on the test. What was going on?
Naturally I turned to Google for some insight, and found an anecdotal account of how one guy solved a similar problem by changing his DNS resolver to something else, away from Google's public DNS service which he had been using. His problem went away, and messages were no longer being erroneously whitelisted.
For a few minutes I was pondering what Google's DNS servers could have to do with anything when I came across this article from the DNSWL folks that seemed like it might be vaguely related to my problem. The upshot is that due to a huge volume of DNS queries fielded from several particular organizations in violation of their terms of service, DNSWL has retaliated by replying with a "good" response for any and all whitelist queries from such sources.
It dawned on me that this was, in fact, my exact issue. I checked the resolv.conf on my mail server, and lo and behold, the culprit was the DNS server 22.214.171.124, one of Google's public DNS — that's where my machine has been looking for all of its name resolution.
Many months ago I had commented out my ISP's DNS in favour of the Google ones. I can't remember the specifics, but the brief comment I left in the file suggests there had been some intermittent problems with the "house" DNS (which for an SMTP server can cause havoc). So I swapped in the eights as a workaround, and everything had been buzzing along since.
I've now reverted to the local servers, which seem to be working fine, and I expect spam to return to the usual levels.
CBC reports that "Opposition MPs slammed the Harper government Thursday over Canada's opposition to putting chrysotile asbestos on an international list of hazardous chemicals."
It goes on to say that a spokesman for the UN's environment program stated that "David Sproule, the head of Canada's delegation, told participants that «Canada is not in a position to agree to the listing of chrysotile asbestos … at this conference of the parties»".
If accurate, then Sproule's remark is obviously a lie. By having the capacity to vote, Canada is in a position to agree. It has simply chosen not to.
The decision is repugnant, and typically illustrative of the Steven Harper government's lack of moral compass.
I just had a strange encounter with some Vancouver Police on my way in to work this morning.
I was riding my bike north on Kingsway, in the right-most lane. Just north of 12th, while I was riding on the dashed the margin between parked cars and the right-most lane, the car behind behind me slowed to give me an opportunity to change lanes. I signalled left, and safely made it into the left lane. I continued north, across Broadway, then stopped in with the queue of traffic waiting to turn left onto 7th.
At this point two Vancouver Police officers, riding motorcycles two abreast, pulled up to the right of me (in the through lane). I heard someone shouting "Hello! Hello!", and realized they were trying to get my attention. Looking over, one officer then shouted: "You're not a car. You have to stay as far right as possible. If you're making a turn, you have to do it within the block."
I only had time to respond with "Oh, yeah…?" and a baffled half-grin before the light changed and they peeled off ahead down Main. I continued on my way.
This exchange bothered me for several reasons.
- I don't believe I was doing anything illegal or unsafe. In fact, I was doing my best to integrate with traffic, as I always do; my movements were well-signed, obvious, and in keeping with regular traffic flow.
- I believe that these officers were themselves breaking the law by riding two abreast in one lane of traffic.
- If I were committing an infraction, I would have expected (and appreciated) lights or sirens and a proper traffic stop. Instead, the odd casual nature of this exchange seemed bizarre.
I shall do some research into the road regulations to see if I can validate the officer's advice. However I am skeptical that his admonishment, at least in this situation, amounted to little more than personal opinion – which seems rather unprofessional for the police.
As a follow-up to my previous post, I've followed through and a Mac Pro is following along.
My decision to move now was spurred by a reminder last week about a temporary tax incentive (CCA class 52) the makes capital purchases of computer equipment eligible for a 100% write-off – but only if purchased before the end of January 2011 (that's today).
So I ordered one last night from the Apple online store – a refurbished model, actually. Though this will be my first experience with an Apple refurb, the option was a no-brainer: selection is good, prices are generally hundreds of dollars less than nominal, and products carry a full warranty and are eligible for AppleCare.
The machine is a 2.8 GHz quad-core "Nehalem" Xeon with ATI Radeon 5770 (1GB) graphics, plus the usual array of bells and whistles. I'm looking forward to kicking it in speedy style with the latest Xcode and iOS toolchain, and Aperture on the 27" display.
This afternoon I ordered a Dell UltraSharp U2711 27" display, an investment I've been contemplating for awhile.
At my office, where I mostly do software development but also occasional photographic and video editing, I've been working for several years on a Power Mac G5 tower with a pair of 20" Apple Cinema Displays. This setup has been great, but is also getting long in the tooth.
The computer itself chugs painfully with Aperture, and the lack of Intel processor is becoming an increasing barrier to productivity; developing for iPhone (and now the Mac App Store) on my 15" Mac Book Pro is arduous at best.
As for the displays, their backlights are starting to slightly fade and I can no longer match the white balance on both displays even after profiling. And a bigger screen will make a new computer seem even faster, right?
By my research the U2711 seems to have earned a consistently good reputation, sporting a fantastic colour-accurate matte panel, decent mechanical adjustments, and more input types than one could ever need.
While replacing the computer is of greater urgency, today's one-day price on this monitor — $749, down from $1249 — was the most affordable I've yet seen, so I decided the opportunity should be taken. Surely a new Mac Pro will follow, eventually.