Jared Johnson | 1 Aug 06:00 2010

URIBL update

I've made a bunch more changes to the uribl plugin locally; man, we
_really_ need to get some kind of svn-to-gig thing going.  Or at least I
need to re-educate myself on git and start putting things in my github
again.  If I don't manage to do this by the time (soon) that things are
settled down a bit and we have some production testing, I'll submit a new
one to the list again; but hopefully by the time I'll have found time to
git git going again and be able to point people to that.

I got permission from Dallas  <at>  URIBL to use the datafeed data, but also
got his opinion on the matter which is that using tld_lists the way I am
is not going to gain much, and introduces the risk that a new spammer
'haven' could be missed entirely.  After talking with my team we're going
to go with a full TLD list right now, and perhaps later we'll collect our
own stats to verify Dallas is right about the tiny benefit (he probably
is).  tld_lists has been updated to reflect this, though if anyone feels
more bold than me and wants updates to the 'pruned' list let me know.

I modified the parse_mime plugin as discussed previously on the list, now
the uribl plugin isa_plugin('mime_parser') and does lazy parsing.

I'll probably remove 'semicolon munging detection'; as Devin said, if real
(current) data doesn't show it's being used why bother.  I'd like to go
over a larger sampling of current data first though, which I plan to do

I've re-arranged the code slightly to allow not only the async plugin but
our own local plugin to easily take advantage of plugin inheritance to
avoid code duplication.  Our own plugin is now just 40 lines or so, thus
it gets to inherit the other 600 lines of uribl without any forking :)

(Continue reading)

Robin Bowes | 2 Aug 17:41 2010

DKIM with qmail/qpsmtpd ?

Hi all,

What's the latest regarding using DKIM with qmail + qpsmtpd?

Anyone using it in anger?

If so, what patches/plugins are you using?

Thanks for any pointers...


Jared Johnson | 8 Aug 08:09 2010

lastest uribl plugin

So I just finished testing my latest URIBL plugin iteration; this
iteration is not yet in production and I'm still planning on getting git
back in line, but it's significantly changed from the last version posted
and anyway I'm really having fun so I thought I'd send an update :)  I'm
also hoping maybe someone will be interested not only in volunteering to
test the functionality of the async changes I posted earlier, but also in
putting together an async version of resolve_shortened_uris().  The
version in the non-async plugin goes back to IO::Select to fire off all
connection attempts + queries asynchronously, but still blocks until it
gets results, so it's not suitable for the async daemon, I'm assuming that
version will need to use Danga::Socket magic.  I'm also very interested in
the idea of immediately interrupting the wait for queries to come back in
the event that we get a URIBL result that can result in rejection.  I'm
pretty sure this can't be done with the existing tools in the non-async
plugin but it could be done in the async plugin, and after all we do hope
to switch to that architecture someday :)

I had to completely revamp find_uris(), inspired by the need to find
shortening-paths in parameterized redirects, but also improved recognition
of parameterized redirects and obfuscated IP addresses... while making RE
performance 3x slower :/  Fortunately 3x slower is still something like
10,000 lines/sec.

Attachment (uribl): application/octet-stream, 40 KiB
Attachment (tld_lists.pl): application/octet-stream, 59 KiB
David Summers | 22 Aug 05:47 2010

Problem with "milter" plugin.

Hello all,

I'm using qpsmtpd 0.43 and I am trying to get the dkim-milter package on
CentOS 5 to work with qpsmtpd.

I discovered that qpsmtpd has a "milter" plugin and it appears to be
very easy to set up the interface, just put:

milter name localhost:port

and it should talk to the milter at localhost:port and perform the function.

I verified that the milter is listening on the designated port and sent
some email and the result I got back from qpsmtpd was:

Aug 21 18:36:53 mailq qpsmtpd[13812]: Plugin milter, hook mail returned
DENY, Can't call method "send_mail_from" on an undefined value at
/usr/share/qpsmtpd/plugins/milter line 143. 

When I went to look at line 43 it is trying to call the saved milter
from the $self->qp->connection->notes saved 'milter'.

I don't understand what is changing that milter variable to undefined. 
I put in more debugging and the hook_connect method is definitely saving
it but when I get to line 143 in the hook_mail method the
$self->qp->connection->notes( 'milter' ) returns undef.

Can anybody help me figure out why and where it is getting set to undef
or if there is a known bug with the milter plugin?
(Continue reading)

David Summers | 23 Aug 07:46 2010

Re: DKIM with qmail/qpsmtpd?

Hello Robin and all other QPSMTPD devs,

Here is my latest dkimcheck which I originally took from
http://alecto.bittwiddlers.com/files/qpsmtpd/dkimcheck  and modified to
do the checks and reject if it finds failed signatures and the policy
says that all messages are signed.

This is just a hack and probably has lots of stuff wrong with it but I'm
using it in production on about 6 different servers.

I really like that it rejects mail to my server that actually comes from
spammers saying that it is coming from my server.

Please take it and improve on it and let me know if you do.

A few weeks ago a Juno.com user was getting rejected (I believe that
juno.com is not correctly signing their emails or, more probably, adding
stuff to it after it has been signed) so I added a DKIM host whitelist
today to allow me to override the DKIM results.

   - Thanks
   - David

#! /usr/bin/perl -w

=head1 NAME

dkimcheck -- Check the DKIM / DomainKeys signatures in a message

(Continue reading)