Monthly Archives: May 2009

This week on twitter 2009-05-31

  • hmm maybe regfly is not so bad after all, they did have that "close my account" button so thanks @regflydotcom for making it easy this time #
  • moved email accounts from courier to dovecot. I wish tunderbird had a "subscribe to all subfolders" button #
  • @mihaibrehar deja nr tau de card se vinde pe irc :)in reply to mihaibrehar #
  • I wonder if spammers remove an email address from their list if the mail server responds with a "no mailbox" message... #
  • ... if they do and we lie to them for some time we might get rid of them ... #
  • Just added myself to the http://wefollow.com twitter directory under: #programming, #email, #linux #
  • RT: @AlexVolocaru: List of official Twitter accounts for ESPs, email marketing agencies/bloggers http://idek.net/Caj (via @MarkatEMR) #
  • RT: @StephanieSAM: Why would you pay ANYTHING for dirt? So asks the author's 13-yr-old daughter. #emailmarketing http://bit.ly/799Wk #
  • RT: @swhitley: RT @mtlb: Ashton Kutcher, Martha Stewart, Oprah, Kirstie Alley, Tila Tequila, Ryan Seacrest, Dane Cook #notfollowingfriday #

Powered by Twitter Tools.

This week on twitter 2009-05-24

Powered by Twitter Tools.

This week on twitter 2009-05-17

Powered by Twitter Tools.

Qmail TLS + SMTP Plugins on FreeBSD

Problem

One of the worst problems in qmail is that it accepts messages for non existent users and then sends back a bounce to the sender. This is the perfect setup to be exploited by a spammer. I'm using the qmail-tls port configured with vpopmail on FreeBSD.

Solution

There might be some patches that make qmail use the vpopmail command line tools directly to check if a user exists before accepting messages but I either didn't find them or thought that using the SMTP Plugins patch is more elegant and gives me more flexibility (It might be slower but this was not a high traffic server so I didn't care).

The SMTP plugins patch adds hooks at all STMP stages and the plugins can use those hooks to accept or reject a message based on the data in the smtp statements sent by the sender.
I used the Qmail-SPP - Vpopmail check user Script written by Werner Maier.

The only problem was that I had to patch the source code for qmail-tls with the qmail-spp patch and there were quite a few rejects because of the other patches applied by freebsd ports system.
I managed to adapt the code to make this patch work and here is how I did it...

First I built the original freebsd port:

  1. cd /usr/ports/mail/qmail-tls
  2. make config # pick up the options you want here ... I needed tls, smtpd-auth,vpopmail and a few others
  3. make
  4. make install

This will also install the files and then after we apply the spp plugin we just copy the modified file ( qmail-smtpd )
Next step if to download the qmail-spp plugin into /usr/ports/mail/qmail-tls/work and apply it.

  1. cd work
  2. tar -xzpf qmail-spp-0.42.tar.gz
  3. cd qmail-1.03
  4. patch -p1 < ../qmail-spp-0.42/qmail-spp-smtpauth-tls-20060105.diff

This will give you some rejects but don't worry because you'll fix them with my next patch : Qmail-tls-spp-FreeBSD patch-0.1 (4.73 KB)

  1. patch < qmail-tls-spp-freebsd.patch
  2. make
  3. /usr/local/etc/rc.d/svscan stop
  4. cp qmail-smtpd /var/qmail/bin
  5. /usr/local/etc/rc.d/svscan start

At this point qmail-smtpd should have smtp plugins working and we can set up the vpopmail user verifier script.

  1. cd /var/qmail
  2. mkdir plugins
  3. fetch http://www.maiers.de/qmail/vpopmail_check_recipient.sh
  4. chown root:qmail vpopmail_check_recipient.sh
  5. chmod 755 vpopmail_check_recipient.sh

Now edit vpopmail_check_recipient.sh and make sure the correct paths to vpopmail directory ( /home/vpopmail on freebsd ) are set in the script.

To test it, connect to smtp and try to send a message to an nonexistent account, you should see a reject message instead of the usual "ok".

This week on twitter 2009-05-12

  • liking the new design of http://freshmeat.net . Ok maybe it's not new but it's the first time I see it #
  • Thinking about business models http://ff.im/2BG2Z #
  • RT: @danzarrella: If u have a bunch of followers, but r following more people than r following u. I assume u just followed-to-get-followers. #
  • Twitter Connect for WordPress | Shannon Whitley [feedly] - http://bit.ly/UoPDC
    (via... http://ff.im/2D6OS #
  • if you're forking in perl with DBI and MySQL, make sure you connect in the child process or you mess up the parent's connection #
  • I just realized I can safely unsubscribe from the loud news accounts ( like @mashable, @techcrunch , @chrispirillo ,... http://ff.im/2D8C7 #
  • RT: @dacort: Oooh, Twitter new follower emails now include followers/following/updates information. #
  • @AnnePMitchell they're not so bad. I like more info about the new followers. I was hoping I would get the bio too in reply to AnnePMitchell #
  • @problogger maybe he consults experts :)#
  • @scour your email news can be categorized as spam because you offer no easy way for me to unsubscribe. I'm not talking about invitations #
  • looking for a good color picker for jquery #

Powered by Twitter Tools.

Comparing float values in PHP

I had to learn this the hard way. It seems in php 27.64 is just not quite 27.64 , but something close to it ( that's what some people say here anyway: http://www.php.net/ternary ) .

And that's why the following code wouldn't echo the text "dude" as you might think it should:

  1.  
  2. < ?php
  3. function t($amount){
  4. $amountdue=10.00+2.88+2.88+2.88+9.00;
  5.  
  6. echo "amountdue: $amountdue, amount: $amount\n";
  7. if($amountdue == $amount) echo "dude\n";
  8. else echo "but still no match\n";
  9. }
  10. $amount=27.64;
  11. t($amount);
  12. ?>
  13.  

Run this script and you should see:

amountdue: 27.64, amount: 27.64
but still no match

That's the dumbest thing I've ever seen. A similar code written in C gives the good results. Isn't php written in C? They should have copied C's good behavior.
If conversion from float to string gives the right results, why not use the same results when comparing float values?
So if you're having this problem it seems this will work:

  1.  
  2. if((string)$amountdue == (string)$amount) {
  3.  

The fact that php can't compare float values reliably and that you have to resort to this to make it work just makes php look bad.

This week on twitter 2009-05-03

Powered by Twitter Tools.