Spam filtering foiled by DNS-based whitelisting gone awry
I've had a sense recently that more spam than usual has been making its way through my mail server's filters, and I took the time tonight to figure out why. The result was interesting, a bit surprising, and in hindsight not altogether unexpected.
Like any decent run-of-the-mill mail admin nowadays, I run SpamAssassin as a primary line of defence against incoming junk. Casual spot checks of the headers on recent messages had revealed nothing out of the ordinary — all had spam scores assigned, and all fell below the configured threshold. Yet with messages so obviously spammy, and especially arriving in groups with unusual regularity, something was obviously amiss.
Looking more closely at the tests reported in the X-Spam-Status headers, one caught my eye: RCVD_IN_DNSWL_HI. Guessing that "WL" meant "whitelist", and confirming that this match was responsible for adding −5.0 to the spam score (thereby reducing it), I visited the DNSWL lookup page and manually checked every IP address in the Received headers of one piece of spam in order to determine which rogue relay was incorrectly reported as good.
To my surprise, none was listed. I checked those from a different message, and found the same. I verified these results by doing manual DNS lookups with the "host" command on my Mac. None of the servers that handled these messages was registered in this whitelist, yet SpamAssassin was repeatedly hitting a positive on the test. What was going on?
Naturally I turned to Google for some insight, and found an anecdotal account of how one guy solved a similar problem by changing his DNS resolver to something else, away from Google's public DNS service which he had been using. His problem went away, and messages were no longer being erroneously whitelisted.
For a few minutes I was pondering what Google's DNS servers could have to do with anything when I came across this article from the DNSWL folks that seemed like it might be vaguely related to my problem. The upshot is that due to a huge volume of DNS queries fielded from several particular organizations in violation of their terms of service, DNSWL has retaliated by replying with a "good" response for any and all whitelist queries from such sources.
It dawned on me that this was, in fact, my exact issue. I checked the resolv.conf on my mail server, and lo and behold, the culprit was the DNS server 8.8.8.8, one of Google's public DNS servers — that's where my machine has been looking for all of its name resolution.
Many months ago I had commented out my ISP's DNS in favour of the Google ones. I can't remember the specifics, but the brief comment I left in the file suggests there had been some intermittent problems with the "house" DNS (which for an SMTP server can cause havoc). So I swapped in the eights as a workaround, and everything had been buzzing along since.
I've now reverted to the local servers, which seem to be working fine, and I expect spam to return to the usual levels.
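A quick way to detect this condition from the mail server itself, as an added example that is not part of the original post: RFC 5782 requires a DNS-based list never to list 127.0.0.1 and always to list 127.0.0.2, so a whitelist answer for 127.0.0.1 means the resolver is being fed blanket responses. The function names and status strings are made up for illustration, and the sketch assumes the zone follows that convention and that the last octet of an answer carries the trust level (3 being what RCVD_IN_DNSWL_HI matches).

```python
import ipaddress
import socket

ZONE = "list.dnswl.org"  # zone queried by the RCVD_IN_DNSWL_* rules
LEVELS = {0: "none", 1: "low", 2: "medium", 3: "high"}  # last octet of answer

def query_name(ip, zone=ZONE):
    """DNSxL query name: reversed IPv4 octets under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A record via the system resolver (resolv.conf), or None if no answer."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # NXDOMAIN and resolver failure look the same here

def trust_level(answer):
    """Map a 127.0.x.y answer to its trust level; None if not a listing."""
    if answer is None:
        return None
    parts = answer.split(".")
    if parts[:2] != ["127", "0"]:
        return None
    return LEVELS.get(int(parts[3]))

def check_whitelist(lookup=system_lookup, zone=ZONE):
    """Probe the RFC 5782 test points through the resolver the MTA uses.

    127.0.0.1 must never be listed; 127.0.0.2 must always be listed.
    """
    never = lookup(query_name("127.0.0.1", zone))
    always = lookup(query_name("127.0.0.2", zone))
    if never is not None:
        # An address that cannot be listed came back whitelisted.
        return ("blanket", trust_level(never))
    if always is None:
        return ("no-answer", None)
    return ("ok", trust_level(always))

if __name__ == "__main__":
    status, level = check_whitelist()
    print(f"{ZONE} via system resolver: {status} (level={level})")
```

Run on the mail server so the probe goes through the same resolv.conf that SpamAssassin uses; anything other than "ok" means the whitelist score should not be trusted until the resolver is changed.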
Embracing a single point of failure
As Marco Arment says in this piece about Twitter (specifically, the impact of its recent whimsical change to authentication requirements, though the observation applies generally):
These are the risks that you take when you base your personal happiness or your business on a single, irreplaceable, young, evolving third-party service.
The same can be said for Facebook, or those silly "URL shorteners", or Gmail, or any number of other no-cost fad services that seem to become so popular.
Commonfolk can always be counted upon for short-sighted feelings of entitlement.
A new Mac Pro is on the way
As a follow-up to my previous post, I've followed through and a Mac Pro is following along.
My decision to move now was spurred by a reminder last week about a temporary tax incentive (CCA class 52) that makes capital purchases of computer equipment eligible for a 100% write-off – but only if purchased before the end of January 2011 (that's today).
So I ordered one last night from the Apple online store – a refurbished model, actually. Though this will be my first experience with an Apple refurb, the option was a no-brainer: selection is good, prices are generally hundreds of dollars less than nominal, and products carry a full warranty and are eligible for AppleCare.
The machine is a 2.8 GHz quad-core "Nehalem" Xeon with ATI Radeon 5770 (1GB) graphics, plus the usual array of bells and whistles. I'm looking forward to kicking it in speedy style with the latest Xcode and iOS toolchain, and Aperture on the 27" display.
I ordered a Dell U2711 monitor today
This afternoon I ordered a Dell UltraSharp U2711 27" display, an investment I've been contemplating for a while.
At my office, where I mostly do software development but also occasional photographic and video editing, I've been working for several years on a Power Mac G5 tower with a pair of 20" Apple Cinema Displays. This setup has been great, but is also getting long in the tooth.
The computer itself chugs painfully with Aperture, and the lack of an Intel processor is becoming an increasing barrier to productivity; developing for iPhone (and now the Mac App Store) on my 15" MacBook Pro is arduous at best.
As for the displays, their backlights are starting to slightly fade and I can no longer match the white balance on both displays even after profiling. And a bigger screen will make a new computer seem even faster, right?
By my research the U2711 seems to have earned a consistently good reputation, sporting a fantastic colour-accurate matte panel, decent mechanical adjustments, and more input types than one could ever need.
While replacing the computer is of greater urgency, today's one-day price on this monitor — $749, down from $1249 — was the most affordable I've yet seen, so I decided the opportunity should be taken. Surely a new Mac Pro will follow, eventually.
The user experience of lost luggage
Nadyne Richmond testifies to the typically poor handling of lost luggage by airlines (and the process for unlost-luggage delivery in general).
Code that makes any song swing
Some dude has developed a Python tool that will apply a swing rhythm to any waveform. Some nifty examples. Crazy talk.
(via Andrew)
My iPad delivery is late
I pre-ordered an iPad a few weeks ago, and delivery was promised by today coincident with the international launch. I received a shipment notification at the start of the week, and everything looked on track until yesterday when I received an e-mail from Apple stating that "FedEx has informed us that, due to a flight delay, your package will not deliver on May 28th as planned" and will instead arrive, perhaps, on Saturday.
In and of itself this is not really a big deal, and it doesn't make much of a difference to me. However, it rankles for two reasons:
- FedEx's own status page, for a full day following this message from Apple, was still advising on-time delivery for May 28 at 12:00 noon. It also detailed a nonsensical and discontiguous itinerary of departures and arrivals between Anchorage, Memphis, and now Mississauga.
- Since today is significant only as a marketing date and the shipments were ostensibly ready to go well before this time, Apple could have erred on the side of customer satisfaction and shipped a few days early.
It seems unusual for Apple to over-promise and under-deliver, although its neurosis of trying to orchestrate a precise and coordinated world-wide reveal is unsurprising.
Record in H.264 and you can never publish your work?
Apparently most all consumer (and even some professional) photo and video cameras embody licensing encumbrances that strive to prevent profitable distribution of your own work: Why Our Civilizations Video Art and Culture is Threatened by the MPEG-LA.
Since the posting of that a couple days ago several other analyses (CNET, Engadget) have been presented, including reaction from Lukas Mathis who concludes that H.264 is not viable for long-term use.
This is sort of a rough situation.
Silly trendy web-service names
It seems to be a trend these days for web-based-software businesses to name themselves or their products using the formula [number] [plural noun]. This might have been clever the first time, but has quickly grown tired and hokey. Offending examples include (in ascending order of the leading scalar quantity) 37 Signals, 43 Folders, 99 Designs, 280 Slides.
Of course, the precedent for this scheme was set earlier by a similar vowel-removal scheme, whose progeny share equally hackneyed and silly-sounding names. Offending examples include Flickr, Tumblr, Modernizr, Flattr.
(June 2010) I've also started to pick up on another trend: the suffix "-ify". Offending examples include Spotify, Shopify.