Chronophage.net Blog

I’m trying to figure out how syslogd works. Just when you think you have things figured out…

So, I discovered that .org is signed. Unfortunately, I discovered this the hard way. I think there’s a DNSSEC bug in the version of BIND that I’m running. So time to update world on Calypso. Wee!

*UPDATE*

I upgraded to BIND 9.6.0 and all appears to be well.
I followed these instructions: http://closedsrc.org/_static/dn-articles/bind9.html
and overwrote the base install. I like to live dangerously…after testing it on one or two test machines.

Spam is the bane of all email servers and services. As I wrote in my email entry, I use Maia, which is a frontend to Amavis, which is a daemon that ties various anti-spam and anti-virus programs together. When I originally set things up, I followed a guide on NEOHAPSIS. That guide was written in Russian, but had English examples. Basically, you set up Amavis, have Postfix route mail to it (it acts as an ESMTP server) and Amavis takes care of the rest. My anti-virus program is ClamAV. It works, it’s fairly painless, and simple. My anti-spam choice, SpamAssassin, was not quite as easy.

SpamAssassin is basically a Perl script, maintained by the Apache group, that incorporates various config scripts to filter out spam. There are several modules that you can incorporate, including DKIM checking, URI scanning and, RBL incorporation. You can customize your scoring of each component, making it very flexible. The default modules include SA-Blacklist, a massive blacklist that should not be used. Ever. Disable it, otherwise you will monopolize the CPU on your server. Maia integrates with SpamAssassin very well, allowing for quarantining, with digests and reminders, statistics on each rule for customization, and end user blacklisting/whitelisting, setting up honeypots, among other options. It’s very useful, effective, and not prone to false positives.

From