Wednesday, August 23, 2006
Oracle Installer, Postgrey & Broke Back Italy
So I've been getting some grief about not bloggin much. "Your blog is all about that Rockstar show now". Yeah yeah ... I realize the work / life details have been missing recently, but I just haven't been motivated to actually reflect on what's been going on the last month.
something I have been waiting to write about is my abhorment of the Oracle installer on windows. For a client they connect to a production Oracle database locally and run Crystal Reports on it. So SSH tunnels through PuTTY, and CR is bad enough. Installing and setting up Oracle on their new systems was enlightening.
Several pages of documentation left by the previous head geek to the boss geek, and passed on the worker geek (me), to try and help the lemming geeks set this all up. Pages of fixes for windows running on Pentium 4 machines and fixes to get the applications to launch from the start menu ... yes ... you have to hack things to get their applications to launch from the menu.
You need to pass -nojit to the java options in order for things to work properly. Oh and the net assistant gets launched during the installation, but it hangs, and you have to manually kill it. But the install still works, and go on your way kludging things. Bizarre! Not to mention after you are all done we had to manually edit tnsnames.ora to remove the appended local domain which is magically appended during the install. Whatever. I know what to do ... the instructions are noted and altered to our specific needs ... done.
So I've been back in the land of SPAM again. Some sticks have been poking in my sides. After some discussion with a new colleague, he mentioned something about "greylisting". I said I would look into it. Greylisting is when unknown messages are received by a mail server, it will reject with a temporary failure (450) and to try again later. The idea is that most spam is not through legitimate servers that will make a second attempt. So if we never hear back, no spam. In the case of valid email, the original server will requeue and try again later.
I found "postgrey" which is a greylisting daemon built to integrate with postfix. So I tried it out. Luckily there is a great ubuntu (debian) package available. apt-get install postgrey, edit a couple of files to set my timeout, and max age values, and add a single policy to the postfix smtp_recipient_restrictions. Immediate results. My personal mail server I was getting about 140-170 spam mails per day. In the 6 days since I turned this on I have received a total of 15 SPAM messages (all of which were caught by spamassassin). That's a decrease of 98.3% of my SPAM. WOW! Gregg had a reduction of 100% of SPAM for the short period after we set it up on his personal server. We quickly installed on the fortress servers. I install on L&Y ... and they have been _RAVING_ about the reduction in SPAM. Jack said to me ... what happened to the 30 crap emails in my inbox this morning ... I'm not getting them anymore? ;-) We just installed on another client. Gregg said to me ... "Why doesn't everyone do this?"
We do realize that legitimate emails will be delayed for a short time. And potentially quite some time depending upon the originating mail server's queue times. But the benefits _way_ cripple the disadvantage of a few late emails. And after a configurable amount of successful challenge and response runs, the sending servers become whitelisted, and they are not challenged any more. There is also a postgreyreport utility to analyze the logs and see who is getting the spam and from where it is coming. Nifty.
So the other night I went out to meet some people. Rhonda and Courtney were our mystery guests on the pub crawl a year ago. Rhonda was back in town from Italy for the weekend, and I went to meet them at Kilkenny's. It was good to see Courtney as well and not just have a IM relationship with her ... she does actually exist! I met some of their friends, and it was a relaxing night all around. We were discussing a friend of mine who is an actor. Court was skeptical of the story of "actor", but it's true. He's in a real movie produced by George Clooney. Speak of the devil he phoned me while we were at the pub. I talked to him briefly and got some news from him, that he has another role in a new production. I had to tell John the news and we laughed only because we know our best friend. I put it to John like this ... do you think he is more a Heath Ledger, or Jake Gyllenhal type? ΒΆ 12:20:00 AM
something I have been waiting to write about is my abhorment of the Oracle installer on windows. For a client they connect to a production Oracle database locally and run Crystal Reports on it. So SSH tunnels through PuTTY, and CR is bad enough. Installing and setting up Oracle on their new systems was enlightening.
Several pages of documentation left by the previous head geek to the boss geek, and passed on the worker geek (me), to try and help the lemming geeks set this all up. Pages of fixes for windows running on Pentium 4 machines and fixes to get the applications to launch from the start menu ... yes ... you have to hack things to get their applications to launch from the menu.
You need to pass -nojit to the java options in order for things to work properly. Oh and the net assistant gets launched during the installation, but it hangs, and you have to manually kill it. But the install still works, and go on your way kludging things. Bizarre! Not to mention after you are all done we had to manually edit tnsnames.ora to remove the appended local domain which is magically appended during the install. Whatever. I know what to do ... the instructions are noted and altered to our specific needs ... done.
So I've been back in the land of SPAM again. Some sticks have been poking in my sides. After some discussion with a new colleague, he mentioned something about "greylisting". I said I would look into it. Greylisting is when unknown messages are received by a mail server, it will reject with a temporary failure (450) and to try again later. The idea is that most spam is not through legitimate servers that will make a second attempt. So if we never hear back, no spam. In the case of valid email, the original server will requeue and try again later.
I found "postgrey" which is a greylisting daemon built to integrate with postfix. So I tried it out. Luckily there is a great ubuntu (debian) package available. apt-get install postgrey, edit a couple of files to set my timeout, and max age values, and add a single policy to the postfix smtp_recipient_restrictions. Immediate results. My personal mail server I was getting about 140-170 spam mails per day. In the 6 days since I turned this on I have received a total of 15 SPAM messages (all of which were caught by spamassassin). That's a decrease of 98.3% of my SPAM. WOW! Gregg had a reduction of 100% of SPAM for the short period after we set it up on his personal server. We quickly installed on the fortress servers. I install on L&Y ... and they have been _RAVING_ about the reduction in SPAM. Jack said to me ... what happened to the 30 crap emails in my inbox this morning ... I'm not getting them anymore? ;-) We just installed on another client. Gregg said to me ... "Why doesn't everyone do this?"
We do realize that legitimate emails will be delayed for a short time. And potentially quite some time depending upon the originating mail server's queue times. But the benefits _way_ cripple the disadvantage of a few late emails. And after a configurable amount of successful challenge and response runs, the sending servers become whitelisted, and they are not challenged any more. There is also a postgreyreport utility to analyze the logs and see who is getting the spam and from where it is coming. Nifty.
So the other night I went out to meet some people. Rhonda and Courtney were our mystery guests on the pub crawl a year ago. Rhonda was back in town from Italy for the weekend, and I went to meet them at Kilkenny's. It was good to see Courtney as well and not just have a IM relationship with her ... she does actually exist! I met some of their friends, and it was a relaxing night all around. We were discussing a friend of mine who is an actor. Court was skeptical of the story of "actor", but it's true. He's in a real movie produced by George Clooney. Speak of the devil he phoned me while we were at the pub. I talked to him briefly and got some news from him, that he has another role in a new production. I had to tell John the news and we laughed only because we know our best friend. I put it to John like this ... do you think he is more a Heath Ledger, or Jake Gyllenhal type? ΒΆ 12:20:00 AM
