Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment https is dead (Score 5, Funny) 151

For all practical purposes, https is dead. There is no way browsers will carry around the hundreds of thousands of possibly-stolen-so-unsafe certificates fingerprints (to consider these tainted/revoked). The only way forward is probably to move away to an incompatible protocol. And if possible, cure some of the X509 wrong ways.

Comment Re:Benchmarks (Score 1) 160

# wtf? with the binary blob:
here$ cat /etc/X11/xorg.conf
Section "Device"
        Identifier "nVidia Corporation GeForce 8600 GTS rev 161"
        Driver "nvidia"
        BusID "PCI:1:0:0"
                Option "RandRRotation" "on"
here$ xrandr -o 1
(turns his head to the right)


Submission + - Stopping Spam with Linux

support department writes: "What is Spam?
If you have used email at all you have seen spam: unsolicited and unwanted email. The way that email works means that it is very easy to send out bulk mailings at a very low cost. The cost is low because largely it is the receiver of the email that pays. If you read email on a dialup modem line or pay for your Internet connection, then in a real sense you are paying for the spam you get.Why Can't the ISP Just Block it For Me?

Often it is difficult for ISPs to block spam to everyone. This is because the ISPs do not know which email items you want to receive and which ones you do not. The ISP cannot predict in advance what email you have an expectation of getting and from where. It would also be inappropriate for ISPs to screen the content of the messages. There would be privacy issues. However, there are certain approaches that can be taken at the email server side. If you have recently installed Linux and are thinking of running your own email server, then you should carefully consider the problem of spam.

Focus on sendmail
Sendmail is the most widely used MTA on the Internet. It's an old, large, complex and not particularly efficient program. In particular it has a bad reputation for being difficult to configure. Whatever email server program you choose to use, though, blocking spam is still an important issue. The concepts outlined below are applicable to any type of server program.

Disallow Relay
The most basic thing you should do is prevent your machine from being used as a place from which to send spam. It may be surprising, but the 'Simple Mail Transfer Protocol' that is used by all Internet email gateways does not check passwords or any other sort of access when it is accepting messages for delivery. If a spammer connects to your email server all they have to do is give it a list of addresses, which takes just a few seconds. The MTA then 'fans out' the lists of email addresses into real attempts to connect to remote sites. At the very least you need to stop other people from using your email server from doing their dirty work with your resources.
To prevent this from happening, first you need to make a list of hosts that will be allowed to relay through your server. These would include other machines at your site, perhaps PCs running F{LocalIP} /etc/mail/LocalIPg mail clients under Microsoft Windows. Make a file /etc/mail/LocalIP and then add the line:

F{LocalIP} /etc/mail/LocalIP

anywhere in the top of your /etc/ file and add these lines at the end of the /etc/ file:

# first: get client addr
R$+ $: $(dequote "" $$) $| $1
R0 $| $* $@ ok no client addr: directly invoked
R$={LocalIP}$* $| $* $@ ok from here
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*$* $#error $@ 5.7.1 $: 550 we do not relay

# remove RelayTo part (maybe repeatedly)
# R$*$* $>3 $1 $4
R$*$* $: $>removelocal $>3 $1 $3
R$*$* $@ $1$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*$* $: $>removelocal $1$3

This fragment of sendmail configuration file is from the sendmail Web site. There is a lot of detail there on how to get sendmail configured to block spam. So I will just skim over the rest of the methods available and point you there for further practical assistance.

Check For Bad Addresses
The next level of sophistication is to keep a list of addresses and sites to block. For instance if you notice that a lot of junk email is coming in from '' you will want to block that site. The way to do this is with the 'check_mail' rules set. This method will prevent delivery from the sites you list. However, it may be difficult to keep track of where the spam is coming from and time-consuming to maintain a current list of sites that allow spam. Paul Vixie maintains a MAPS Realtime Blackhole List which is accessible via the DNS Server (non-technical explanation: it works from anywhere on the Internet quickly and with minimal fuss) and to use this you only need add a couple of lines to your 'check_mail' rules set.

procmail as MDA
The above discussion has focused on the server. But if you look at the nuisance value of mail from the user's point of view, it is worth filtering out spam email as it arrives. To do this you use the next stage in the email system. This is not the email client that you the user actually run to read the email, but the 'Mail Delivery Agent' or MDA that is used to place the messages in your email spool file as they arrive. The MDA I use is called procmail.

Procmail can easily be configured to block spam at the point of delivery. To do this, first make a list of addresses which your mail is delivered 'To'. By this I mean your email address or addresses and the address of any email lists you might be on. For instance I can take email as, and I am also on the list The idea behind using procmail to filter out spam is to attempt to match on your known addresses and that anything is left after this must be spam. This is a little dangerous in case there is a list or alternate address you have forgotten, but if you lob the spam into a different folder, (procmail can do this) then it is at least hidden away and not polluting your main folder.

Here is a set of procmail 'recipes' that are placed in the .procmailrc for each user, or the /etc/procmailrc for everyone on the machine.

#main address :0:
* ^

#alternate address :0:
* ^

#list I am on :0:
* ^
#doesn't match so it must be SPAM :0 E:

This will make a folder called 'spam' containing all incoming messages. Keep an eye on this folder for a while after you have set up the filtering. This is just to check that it is all working as planned, and to tweak the rules as required.

Fret not! If your best efforts to block spam at the receiving end fail, Linux can still help you!

To complain back to the source of the mail you can look up the people that run the spam site with the whois command. Just use the left hand side of the address as input.
mordell:~% whois

x-Cyber Promotions (Cyberpants5-DOM)
8001 Castor Avenue Suite 127
Philadelphia, PA 19152

Domain Name: Cyberpants.COM

To figure out who are the 'upstream' Internet providers to the spam site you can use the traceroute command. Here is the end of a typical output run.
nslookup and dig
If traceroute and whois can't seem to find the right-hand side part of the email address, then nslookup or dig may be able to find you a good address you can use related to the mystery address. Please refer to the online documentation for more details.

All of the solutions outlined above work on the server regardless of the email client used to read mail. So you could implant a spam-blocking policy on a Linux server, and continue to read email on a different platform (like Netscape on a Macintosh for instance) while still getting the benefits of Linux!

Referance —"

Submission + - Senators attempt to silence global warming dissent

Phillip Toland writes: "As a follow up to yesterday's article about anthropogenic climate change dissent, has an article discussing a recent letter sent to ExxonMobile's CEO by Senators Jay Rockefeller (D) and Olympia Snowe (R). The full text of the letter can be found here. The authors of the article believe that the letter is an attempt by the Senators to silence criticism in the climate change debate. Indeed the letter seems to indicate that everything is settled and Exxon should just shut-up. Is this the kind of bias the BBC is looking for?"

Submission + - Security People Use Firefox

An anonymous reader writes: A look at the Hack Report's web stats confirms two things that I've suspected for a long time a) Security (conscious?) people use Firefox (64%) instead of IE (26%) and b) Firefox users are much faster when it comes to upgrade to a newer version. My guess is that a lot of this will change rather quickly once Vista installations pick up. se-firefox/

Submission + - Australian Backdown on draconian copyright laws

glamb writes: Australian Attorney-General Philip Ruddock's copyright reforms are almost certain to become law by January, after significant changes were made to ensure innocent consumers are not criminalised.

The Copyright Amendment Bill 2006 passed through the Senate on Friday after a number of modifications were made. It will now go back to the House of Representatives for re-approval.

"The Free Trade Agreement with the United States means the worst aspects of the American Copyright system has been imported into Australian law but with none of the consumer safeguards such as open ended fair use rights that exist in the United States," said Greens senator Kerry Nettle. "This new Copyright bill extends this problem and threatens to criminalise a fifth of Australians who regularly share music, movies and video games amongst friends and family."

Slashdot Top Deals

Enzymes are things invented by biologists that explain things which otherwise require harder thinking. -- Jerome Lettvin