fighting spam in GroupWise using IMAP

I have a serious problem with spam at work; I get perhaps 100 spams a day, 200 if it’s a bad day. Our IT department has repeatedly tried to implement anti-spam solutions in the GroupWise e-mail system, but to no avail — the promised reductions in spam haven’t materialized.

I decided to install ISBG, a/k/a IMAP Spam Begone. ISBG will log into an IMAP server, examine your Inbox, and run each of the messages against a local installation of SpamAssassin. You can then instruct ISBG to delete any spam message it finds.

I’ve installed ISBG and now invoke it from cron(8) every five minutes. So far, it’s living up to expectations! I highly recommend it for anyone with a sub-par email system that cannot properly handle spam filtering.

One quirk I’ve found with GroupWise is that I have no idea how to access subfolder names over IMAP. For example, if I want ISBG to move all my spams to a folder called “Spam” under my Cabinet, the folder doesn’t seem to have the name Cabinet.Spam. I haven’t yet figured out how to refer to that folder in the IMAP namespace. If you are a GroupWise under-the-hood hacker and know the answer, please let me know!

VIA Rail WiFi suckage

VIA Rail offers WiFi service aboard its trains. I’m on my way to Montreal for a business trip, so I thought I’d try it out. My conclusion: stay away!

It seems that VIA is partnered with a company called Parsons to provide the WiFi aboard the train. Judging by the latency, I can only assume that it is a satellite link. Check out what kind of latency you get for $8.95 per 24 hours of access:

C:>tracert aphrodite.aquezada.com

Tracing route to aphrodite.aquezada.com [216.235.8.211]
over a maximum of 30 hops:

  1     1 ms     1 ms     2 ms  VIA_3454 [192.168.134.1]
  2     *        *     3071 ms  10.0.15.1
  3  4033 ms  3878 ms  3684 ms  link1.parsons.com [206.219.255.131]
  4   987 ms     *     1154 ms  66.147.156.114
  5   758 ms  1586 ms   798 ms  ge-5-0.a0.dlls.broadwing.net [216.140.4.173]
  6   899 ms  1457 ms   739 ms  216.140.4.158
  7   697 ms  1180 ms   339 ms  216.140.4.170
  8   633 ms   640 ms   859 ms  te-8-3-73.car4.Dallas1.Level3.net [4.68.63.9]
  9  2958 ms  2638 ms  1620 ms  ae-13-69.car3.Dallas1.Level3.net [4.68.19.5]
 10  1308 ms  1136 ms  1258 ms  4.68.63.162
 11  2126 ms  2132 ms  2962 ms  5.icore1.CT8-Chicago.teleglobe.net [206.82.141.2
9]
 12     *        *        *     Request timed out.
 13   944 ms  1572 ms  4343 ms  if-15-0-0-15.mcore3.TTT-Scarborough.teleglobe.ne
t [216.6.98.49]
 14   887 ms   937 ms  1901 ms  if-15-0.core1.TNK-Toronto.teleglobe.net [216.6.9
8.54]
 15  1235 ms   477 ms   320 ms  ix-1-151.core1.TNK-Toronto.teleglobe.net [216.6.
112.22]
 16  1120 ms  1936 ms  2679 ms  204.16.202.173
 17     *     3228 ms  1316 ms  216.235.0.236
 18  1519 ms  1882 ms  3716 ms  h216-235-8-211.host.egate.net [216.235.8.211]

Trace complete.

Unless you’re just doing SSH — save your money!

Internet access RFQ from ten years ago!

I’m cleaning out my $HOME/doc directory and I found this gem from ten years ago, when I was still a student searching for a new ISP. How things have changed – “what 56k modem standard are you favouring?”

Dear Sir or Madam,

I am currently in the process of searching for a new Internet service provider in the Toronto area. I thought it might be best if I simply listed my access and web page requirements, along with technical questions I wish to have answered, and you will follow up with a price range. I can be reached by e-mail at jdunn@[deleted]

Access Requirements: max. 30 hours per month, analog 28.8 kbps modem
Web Site Requirements:

  • 5 megs server space
  • CGI directory (very important)
  • access and error logs available
  • unrestricted transfer rate from outside clients

Technical and administrative questions:

  1. Do you support, or are you planning to upgrade to, 56 kbps modem technology, and if so, which standard are you favouring/planning on favouring?
  2. What is your users-to-modem ratio?
  3. How long have you been in business?
  4. How many subscribers do you have?
  5. Whose backbone are you hooked into? (e.g. sprintlink, CANet, ONet, etc.)
  6. What are your technical support hours?
  7. How many tech support staff do you have?
  8. What kind of servers do you run on? Do different servers serve up mail, ftp, http, or does one machine handle it all?
  9. Are there any discounts for students?

If you could answer my questions and give me a price quote on the above requested services, with a breakdown if certain things are extra (e.g. unlimited transfer rate), I would really appreciate it.

can’t sa-update after a recent SpamAssassin upgrade?

I got bitten by this bug after upgrading to SpamAssassin 3.2.4 recently. It seems that the GnuPG key shipped with SA precludes the verification of signatures from updates downloaded using sa-update, due to some esoteric defect with the OpenPGP design. Anyway, the point is that attempting to download new signatures using sa-update results in the following error:

error: GPG validation failed!
The update downloaded successfully, but the GPG signature verification failed.
channel: GPG validation failed, channel failed

(How many times can one say the word “failed” before I get the message?)

Anyway, it looks like the SA folks have corrected the problem with their key but it’s only available in SVN trunk so you have to perform the following magic incantation:


$ sudo gpg --homedir /usr/local/etc/mail/spamassassin/sa-update-keys --delete-key 0x5244ec45
$ wget -O - http://cvs.apache.org/viewvc/spamassassin/trunk/rules/sa-update-pubkey.txt?revision=610699 | sudo gpg --homedir /usr/local/etc/mail/spamassassin/sa-update-keys --import -

That assumes you’re using FreeBSD — adjust your paths appropriately.

The bug is still open and will be fixed in the next version (boy, if I had a nickel for every time I’ve heard that from vendors…)

faxing over IP networks: there must be a better way!

Faxing over IP networks does not work reliably. There are many technical reasons why; I won’t go into them here. This page provides a pretty detailed explanation about why trying to transmit analog modem signals over an IP network will not work — variable jitter, insufficient bandwidth, silence suppression and many other factors in VoIP call handling will work together to destroy your faxes. There are two main solutions in the FoIP (Fax over IP) space:

  • T.37 (store-and-forward): Use e-mail as the IP transport medium. T.37 defines a protocol by which faxes are converted to an e-mail message and then delivered to a T.37 endpoint – whether that is someone’s email box, or a device capable of translating the attachment into a fax image and then sending it to the target fax machine using the PSTN.
  • T.38 (real-time fax): Use either “Internet-capable” (T.38) fax machines, analog telephone adapters, or a combination of T.38 aware/compatible devices to transmit faxes using special UDP packets.

Neither of these mechanisms is particularly elegant. In fact, the adoption rate of T.38 is quite low among ATA makers, and many implementations are buggy. Also, the fact that T.38 must be implemented on both ends of a call is another nail in the coffin.

Let’s step back a moment here and reconsider what we want to do. Suppose I am a business owner considering (or having switched) to a VoIP network, but I still have my old (non-T.38 capable) fax machine. I want to send faxes to any other fax device in the world, and I don’t care whether the receiver’s equipment is T.38 capable or not. I am willing to invest in a T.38 ATA, and assume that I can do so without too much cost or effort, and that it will work reasonably well. What do I do? Continue reading

AutoRun in Windows considered harmful

Recently I started taking a basic course in Computer-Aided Design (CAD) at George Brown College – mostly for interest’s sake, although it’s partly because my day job at CBC is exposing me more and more to the engineering side of things, and I imagine it’ll only be a matter of time before I’ll have to start looking at technical drawings. The instructor recommended on day one that we all purchase USB memory keys to save our work, because there are no personal home directories on the George Brown network. Thus begins the sorry tale of how I managed to get a virus on my CBC-issued Windows laptop – thanks Microsoft! Continue reading

gopher site up and running

Forget WordPress, Facebook, Google, and all that Web 2.0 crap… remember Gopher? Actually, I never got a chance to really use it, which is why I set up my first Gopher home, perhaps 15 years too late. For those of you so inclined, and still armed with a Gopher client, go to Gopher site sdf.lonestar.org, path /users/keymaker. Those of you with newfangled "World Wide Web Browsers" like NCSA Mosaic, you’ll have to use this ugly URL.

Long live obsolete Internet technologies!

DECT and SIP

I haven’t had much of a chance to write about technology issues recently; quite frankly, not a lot has been happening that has interested me. Sure, Apple has announced a new MacBook that’s really thin, but, as usual, it has the 100% Apple markup over anything sensible. I mean, $3,000 for a notebook? I know that $1,000 of that is probably to pay for the solid-state drive, but I’m not even convinced that such technology is really necessary. I contrast this to a $500 Acer Eee laptop that would more than meet my needs! (Too bad the name is retarded, kind of like the Nintendo Wii)

Enough about Steve Jobs’ latest money printing scheme; I want to talk about telephony again. I went to a TAUG meeting tonight on the topic of integrating DECT with SIP. DECT is one of those technologies that has been around for a generation but has largely been ignored in North America; only recently has there been any uptake. Most people (myself included, at least up until about 4 hours ago) don’t even know that cordless phone systems that you can buy at Best Buy use DECT – okay, the example I linked to is a bit unfair since it says “DECT 6.0” right in the headline, but you get the idea. My friend Brian had a set of these in 2005 but I wasn’t any the wiser that it wasn’t just a regular WDCT set on the 2.4 GHz spectrum.

Continue reading

re-implementing Cacti

Earlier this year, we were forced into decommissioning our Cacti installation after the server it was hosted on suffered a catastrophic failure (it literally melted down). The server was an ancient Compaq Proliant DL320 with an older HP SmartArray RAID controller, so we had no feasible way of recovering the RRDs off it, nor the MySQL database.

Nevertheless, we figured our trending needs would be met by the implementation of another trending solution whose name I will withhold. It does the job of monitoring devices over SNMP just fine, but this product cannot get data from external scripts. This is essential for us to monitor things such as the thread states on our Apache servers. Consequently, we have decided to rebuild an instance of Cacti for these needs.

Continue reading

Nokia N800 Internet Tablet and WPA2-PSK

A few weeks ago, my friend Brian lent me his Nokia N800 Internet Tablet, because he has gone and purchased an Apple iPhone and no longer needs it. I was hoping to try and use it as a SIP client on my VoIP network, so that I could wander about the house and still make calls. (Unfortunately, the N800 isn’t actually a phone, which makes it somewhat limited in functionality.) For the life of me, though, I can’t get the damn thing to talk WPA2! Continue reading