murray jeff

la la la another one of these… time to pile on!

murray: please don’t “retract your post” as some are calling on you to do. this is such a ridiculous concept. you said what you said because it’s exactly what you meant to say. publishing a retraction won’t change that.

clearly some people agree with your statements and some disagree. this is an issue of personal opinion. your blog is obviously your opinion. the only thing i wish is that you were a little thicker on actual substantiation behind your claims and a little bit lighter on inflammatory language. perhaps something to keep in mind for next time.

there are a couple of things i really hate. one of them is people who persistently pretend to have a different level of skill than they really do (this goes in both directions). the other is people who talk trash behind someone’s back and act all friendly to their face. if someone has a problem with someone else, i think that they should make that person aware of it.

screaming it from the rooftops may or may not be the appropriate method to do so.

clarification: the “people who persistently pretend to have a different level of skill than they really do” comment has absolutely nothing to do with the current goings on. i list it here only because it is literally one of my two least favourite things.

important warning to postfix users

a few days ago i woke up in the morning and i checked my mail. i replied to a mail and evolution told me:

Recipient address rejected: Policy Rejection- You have exceeded the maximum(350) number of messages or recipients per hour. Please call Mountain Cablevision Technical Support: 905.389.1393. Thank you.

i instantly panic as i try to figure out which machine in my house has been infected with malware.

“mailq” on my main server says 3000 outgoing deferred messages. ok.

i take a look into the log and discover that the outgoing messages are all bounce replies for non-existent addresses. i’m generating backscatter! what the hell… i thought my postfix was configured properly. since i only receive mail for local users (and nothing fancy is going on) the mails to non-existent users are supposed to be immediately rejected at RCPT time.

the odd thing is that all of the bounces are for non-existent addresses *@kopesetik.desrt.ca.

i check my postfix configuration, and surely enough:

mydestination = desrt.ca

after reading some documentation i find out about another postfix option “relay_domains”. this is the list of domains that postfix will accept mail for (even if not to deliver locally). by default, this is set to be exactly equal to $mydestination, so in theory your mail server by default should only accept mail for domains that it will deliver locally for.

unfortunately there is yet another postfix configuration option. this is the worst setting ever. it is called “parent_domain_matches_subdomains”. this parameter changes the interpretation of other configuration parameters: for each parameter listed in it, the meaning of that parameter’s value is modified. if, for example, “foo” is listed, and in your configuration file you have “foo = desrt.ca”, then it is actually taken to mean “foo = *.desrt.ca”.

rather moronically, the default for this option is to include relay_domains but not mydestination.

so we have:

mydestination = desrt.ca
relay_domains = $mydestination
…but really, relay_domains = $mydestination plus a bunch of other crap…

this causes your mailserver to accept messages that it cannot possibly deliver. in response, it must generate bounce messages. this makes you a source of backscatter and a contributor to the spam problem.

the brokenness can be fixed by setting the “parent_domain_matches_subdomains” option to empty.

broken broken broken.

i tried testing delivering to “nosuchuser@asdf.example.com” against the mailservers of some other people i know and about half of them had this exact problem (the ones with the problem were all running postfix). your mailserver should issue an error immediately on RCPT to such addresses. if the message is accepted for delivery then it is too late. please check your mailserver and fix as appropriate.
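
the effect described above, as an added example (not code from this post or from postfix): a simplified python model of the RCPT-time decision under the default settings and with “parent_domain_matches_subdomains” emptied. the function names, the single local user and the config dictionaries are constructed for illustration.

```python
# Simplified model (an assumption of this example, not Postfix source code)
# of what happens to a recipient address at RCPT time.

def domain_matches(domain, patterns, parent_matches_subdomains):
    """Match a recipient domain against a Postfix-style domain list."""
    domain = domain.lower()
    for pat in (p.lower() for p in patterns):
        if domain == pat:
            return True
        if parent_matches_subdomains:
            # "desrt.ca" also covers every "*.desrt.ca"
            if domain.endswith("." + pat):
                return True
        elif pat.startswith(".") and domain.endswith(pat):
            # feature off: only an explicit ".desrt.ca" covers subdomains
            return True
    return False


def classify(rcpt, cfg, local_users):
    """Return the RCPT-time outcome for one recipient address."""
    user, _, domain = rcpt.rpartition("@")
    pdms = cfg["parent_domain_matches_subdomains"]
    if domain_matches(domain, cfg["mydestination"], "mydestination" in pdms):
        # local domain: the recipient is checked against the local user list
        return "accept" if user in local_users else "reject: unknown user"
    if domain_matches(domain, cfg["relay_domains"], "relay_domains" in pdms):
        # relay domain: no recipient list to check against, so everything is
        # accepted and must be bounced later when it cannot be delivered
        return "accept, bounce later (backscatter)"
    return "reject: relay access denied"


# Constructed configs mirroring the post: relay_domains = $mydestination.
DEFAULT = {
    "mydestination": ["desrt.ca"],
    "relay_domains": ["desrt.ca"],
    "parent_domain_matches_subdomains": ["relay_domains"],
}
FIXED = dict(DEFAULT, parent_domain_matches_subdomains=[])
USERS = {"desrt"}  # constructed local user list

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("fixed", FIXED)):
        print(name, "->", classify("nosuchuser@kopesetik.desrt.ca", cfg, USERS))
```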