FEHCom -- News

News

16.11.2016: Finally, I integrated Jana Saout's SPF feature into s/qmail (version 3.2). Thus, the regular SMTP connections are analysed and an 'Received-SPF:' header is added. What was initially thought as Anti-Spam mechanism acts solely now as an authentication information for the sending domain. After some hustle, beginning of this year with Microsoft's strange email behavior I was urged to publish some SPF records for my domains in the DNS as well:
v=spf1 ip4:85.25.149.179/32 ip6:2001:4dd0:ff00:3d4::2/64 -all
Now, s/qmail is smart enough to analyse and act on these information .... But, it is mostly useless. Even prominent MTA's don't posses a correct SPF Record. A waste of roughly 1000 lines of C code in qmail-smtpd.

1.06.2016: According to my current experiences, SW quality is rather bad the days. In particular am I fighting constantly with Apple's MacOS X 'El Capitan'. The 'Mail.App' reconfigures itself, in case it can not contact a server. One of many other problems. DNS is also not a well understood: A Zeroconf name like 'db._dns-sd._udp.0.192.168.192.in-addr.arpa.' makes absolutely no sense at all ....

Since at least one decade I support in my Anti-Virus Tools QMVC and QHPSI for Qmail ClamAV (though it is not mentioned on their home page: https://www.clamav.net/downloads). However, what makes me angry, is the failing of clamdscan (0.99) in case of a virus!
QMVC reports the following:
Reply-To: From: "EDWIN GRANT" Subject: PLEASE TREAT AS URGENT !!! Date: Tue, 31 May 2016 16:10:41 -1200 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 #### Internal Errors .... LibClamAV Warning: cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping LibClamAV Warning: cli_loadldb: logical signature for Win.Ransomware.Locky-4 uses PCREs but support is disabled, skipping LibClamAV Warning: cli_loadldb: logical signature for Html.Exploit.CVE_2016_0184-1 uses PCREs but support is disabled, skipping #### Attachment Results ....(prepended with: 227589649-) +++ 227589649-1464754350.9840-0.india167: HTML document, ASCII text, with very long lines +++ Found 1 Attachments; thereof 1 Positive for scanning #### Errormail Reports .... #### E-Mail Errors ... (condition 64): +++ Missing 'To:' information in header #### Badmail Reports .... #### Virus Reports .... #### Actions on Incident .... +++ The blocked E-Mail (ErrorHeader) was purged #### Reactions on Incident ....

What a mess! Or let's phrase it a little more diplomatic: Virus scanners are as reliable as the weather forecast currently in Germany ...

28.02.2016: IPv6 is a 'Jack in the Box': In case you use IPv6 for communication and your DNS zone does not provide AAAA records (and the IPv6 PTRs) things may behave erratic. Reversely, if somebody publishes DNS AAAA records but the client app use IPv4 addresses to communicate with an IPv6 enabled server....
At least, the last case is taken care of now in sslserver and tcpserver. Curious, what problems will occure next.

24.12.2015: s/qmail (3.0.0) is out and feeding now the mail delivery and reception!

24.11.2015: I'm close to reach one of my targets: To release s/qmail (3.0). Version 2.15 is currently running on my systems and I expect to include the QMQ feature easily.
While my servers are FreeBSD and (Debian) Linux, I use MacOS X as client. Of course, 'El Capitan' was an my update list as well. After waiting for the fist updates, I finally installed it on my 'Pro' last week. Instead of a 'standard' update path, I decided to install it freshly on SSD.
It took me two days to complete the move (almost). However, 'El Capitan' is a disappointment: MacOS X boots now in 25 secs. To compare: My old Mac Mini with a 1.5 GHz PPC and IDE drive achieves this in 45 secs!
The new Mail.app (V3) is *very* slow. Reinstalling GPG at the first place re-generated my PGP key; thus be careful sending me encrypted mails! The new pub key in online and my key signature is now EE00CF65.
Finder performance is additionally not good at all. Sigh. We call this progress.

8.8.2015: Last week, my server was down for two days. The reason was a scheduled reboot -- and the thing didn't come back online. It took me and the support some investigation to figure out what went wrong. It turned out that by means of Debian's udev due to unknown reasons (and probably after a general package upgrade earlier this year) the name of the Ethernet interface was changed from eth0 to eth1. Of course, the network starting script did not bind the IP address to this interface. Too bad.
This updated messed things up. Now, the Debian has traditional init scripts, upstart and concurrently systemd services installed. What a mess.

21.6.2015: Since more and more people use their smartphone or tablett to surf the Web, I changed my Website's default setting to support something like 'liquid design'. Too bad: The situation is worse than before; at least concerning my own smartphone. Autsch.
At least I almost finised version 2.12 of s/qmail which is now safe use.

22.6.2015: Finally: s/qmail (2.12.9) is working on my own server as IPv6-enabled MTA! Unfortunately, my hoster 'server4you' is not able neither to provide direct IPv6 support nor to add a AAAA DNS records for my server. Anyway: You can reach me via SMTP/SMTPS and IPv6 2001:4dd0:ff00:3d4::2.

13.2.2015: On Arrive! Our book 'Technik der IP-Netze' finally came into the bookshops. Therefore, I put an advertising banner on my home page -- which failed initially. The publisher ('Hanser') send me two images; the one I used has the file named 'Ip-Netzwerk-160x600.png' which was called from my Apache server by the browser (in the logs); but the browser (Opera, Safari; but not Chrome) didn't display anything until I changed the name to simply 'Ip-Netzwerk.png'. It seems, both bowsers use the additional information for rendering -- but only if the HTML page is called via HTTP and not directly from disk. Very strange!

17.01.2015: Uff! Already a year has gone! Since finishing my book 'Technique of IP Networks' and my new professorship kept me busy, I just started with s/qmail develoment end of December 2014. However, I've already finished the major parts. Unfortunately, my provider does not support IPv6 these days directly, thus I will use SIXXS to deploy my IPv6 address in order to alllow sending emails to my qmail-smtpd instance using IPv6 even without a AAAA record. IPv6: 2001:4dd0:ff00:3d4::2

10.05.2014: MRTG working now. Since my new server is operational, neither MRTG nor Webalizer did work. Calling any of those, I always got the annoying warning:
/usr/bin/webalizer: symbol lookup error: /usr/bin/webalizer: undefined symbol: gdImagePng
even though I installed everything in place and without problems.
Finally, I found the problem:
The new libgd-2.1.0 simply does not work. With the old library gd-2.0.33 however, I succeeded, provided the configure script was pointing to the correct conf-libpng (in my case in /usr/bin):
'./configure --with-png=/usr'.

29.04.2014: Spamcontrol 2.7.31 is out. It provides even more TLS tweaking knobs. Though TLS (and in particular OpenSSL, where it depends upon) has been massively criticised lately, there is little alternative. Fortunately, the design of UCPSI-SSL an qmail/spamcontrol does not allow an active abuse of the Heartbleed bug by third persons.
Our book 'Technik der IP-Netze' is closed to get finished. Lately, we included MPTCP and DTLS (with reference to the Heartbeat function).

14.04.2014: Disk crash on my development server ;-( (FreeBSD 9.1).
Actually, it was not a hardware crash on my Samsung 1.5 TByte disk, but rather an inconsistance of the file system - unfortunately where paging happens ...
Foruntately, this was the backup drive. However, fsck'ing the drive the following happend: fsck was swapped out -- and the page was stored in the bad section. Reloading the page, the kernel realized an inconsistancy and panic'd. What a mess. The difference w.r.t. Linux is, that fsck can run in the background. But rather the process should neither be paged-out nor swapped-out. Physical memory was enough there ...
Ok. Fixed. The removal of the hard drive was enough. However, setting up FreeBSD 10.0 was again challenging. Just clang C-compiler, no gcc. Some programs don't compile with clang (ie. my vmailmgr and Binc). My first attempt was to sym-linking gcc to clang. Very bad idea. The later install of gcc from ports failed miserably. However, after having installed gcc and g++ runnig ./configure with the path to those progs saved my day.
I used an Adata SSD for the OS and a ZFS Raid 1 for my data (/home). What made me wonder is that ZFS not only includes a Volume Manager and a Filesystem but in addition provides Gpart functions. Even if gparted the disk with GPT and freebsd-zfs label, it disappeared after having installed the ZFS. Strange and not documented. In fact, gparting the disk even after having installed ZFS does not harm (at least not doing nasty things). The disk partiton table seems not to have any dependency on ZFS ! Unfortunately, missing documentation on the behaviour of ZFS is quite common.

27.01.2014: After upgrading my root server to a 64 bit system, one striking Spamcontrol bug became obvious: Within smtpdlog.c, I've forgotten to declare some logging variables. This does not hurt 32 bit systems, but makes qmail-smtpd stop within an SMTP auth session under 64 bit. Additionally with this bug fix, some more issues have been corrected in Spamcontrol 2.7.30 together with some enhancements.
Apart from my own bugs, making lagacy C programs run under AMD64 is a challenge.

14.01.2014: I've received some bug reports from John Levine, regarding ucspi-tls6. Thus, I took the chance not only to fix those but rather to streamline ucspi-tcp6 (1.00) with ucspi-ssl (0.93). Ready for download.

27.11.201: I've moved from 'Snow Leopard' to 'Mavericks' on my MacBook Pro. Instead of replacing 'SL' I used a spare partition -- and had to re-install all my Apps. To get the Mail.app working, it drove me nuts. Finally, I figured out, that qmail's qmail-popup does not announce 'CAPA=User'. After including it into the new spamcontrol-2719 , it is working fine; though the GUI for the Mail.app setup is still broken (three places to change setttings ...).
The good news: 'Mulberry' is still running great under Mavericks!

06.10.2013: ucspi-tcp6-0.99a is out. No changes to binaries.

05.10.2013: The first two chapters of our book 'Technik der IP-Netz' have been successfully converted from the 'doc' format to 'tex'; an explanation about the RSA KeX has been included into my SMTP TLS tutorial.

25.09.2013: Relaunched web site now with (moderate) CSS instead of table layout.

18.09.2013 - 23.09.2013: Server down due to power supply failure.

This site is powered by an AMD X2 Dual Core Processor 3400+ with 4 GByte memory.
Old: Linux india167 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
New: Linux india167 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u2 x86_64 GNU/Linux SW: s/qmail, vmailmgr, djbdns, ucspi-tcp6 + ucspi-ssl, Daemontools, Apache2.