DNSMasq breaks DNSBL! Fixed…


So this was driving me nuts, and was effectively stopping me from turning off GMail and using my own e-mail server with RoundCube/ZPush. Basically, I get a ton of spam. One of the reasons I’d been using GMail is because the spam detection is great.

To block spammers, there are RDNSBLs (Reverse DNS Black Lists): you look up the sender's IP address, octets reversed, under the list's zone, and if the sender is on the "bad list" the answer comes back as an address in the 127.0.0.0/8 range. Your MTA can be configured to block senders based on these responses.

At home, I have Tomato installed on my wireless router. I'm all set to use that as a DNS server to speed up and cache DNS lookups, but there is one problem: when an answer comes back as 127.0.0.x from a DNS lookup, DNSMasq treats it as a DNS rebinding attack (its rebind protection refuses upstream answers in private and loopback ranges) and simply drops it. This is very bad for an RDNSBL, as it relies on exactly that type of answer.

I’ve been tinkering with getting this working forever, and tcpdump again helped me debug an application that wasn’t giving me much info. On my web/e-mail server, I watched the output of tcpdump for port 53, and waited a while until a spam message came through. I saw that Sendmail was doing the lookup, however each time it was simply letting the “bigger boobs” or whatever spam message through. I couldn’t for the life of me figure out why even my manual lookups were failing:

[root@webl001t mail]# nslookup 45.83.75.187.zen.spamhaus.org.
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
*** Can't find 45.83.75.187.zen.spamhaus.org.: No answer

<<< Note >>>: Repeat the above ad nauseam for about a month, on and off of course

Finally, I decided that it wasn't Sendmail that was the pain in the ass; it had to be my router. Just as a hunch, I unchecked "Use internal DNS", and after a "service network restart" on the server, the same DNS lookups were now working!

[root@webl001t mail]# nslookup 45.83.75.187.zen.spamhaus.org.
Server:
Address:

Non-authoritative answer:
Name: 45.83.75.187.zen.spamhaus.org
Address: 127.0.0.4
Name: 45.83.75.187.zen.spamhaus.org
Address: 127.0.0.11

This, however, wasn't the best solution, as I'd rather not use my ISP's DNS servers if possible. But I was finally on to something. Googling "DNSMasq DNSBL" came up with a lot of hits, and this discussion finally got me the answer.

After I added the lines below to my Tomato configuration under Advanced -> DNS/DHCP, I was finally good to go: still using my own DNS, and able to look up names whose answers fall in 127.0.0.0/8. Each rebind-domain-ok entry tells dnsmasq's rebind protection that loopback and private answers from that domain (and its subdomains) are legitimate, so every DNSBL zone you query needs its own entry.

rebind-domain-ok=/rfc-ignorant.org/
rebind-domain-ok=/sorbs.net/
rebind-domain-ok=/uribl.com/
rebind-domain-ok=/surbl.org/
rebind-domain-ok=/dnswl.org/
rebind-domain-ok=/njabl.org/

[root@webl001t log]# nslookup 45.83.75.187.zen.spamhaus.org.
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: 45.83.75.187.zen.spamhaus.org
Address: 127.0.0.4
Name: 45.83.75.187.zen.spamhaus.org
Address: 127.0.0.11
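As an added example (not code from the original post or from dnsmasq), the following Python stands in for dnsmasq's rebind check and shows why the 127.0.0.4 / 127.0.0.11 answers above vanish until the zone is whitelisted. The private-range test uses Python's ipaddress module as an approximation of dnsmasq's own list, the Zen listing codes come from Spamhaus' documentation rather than the post, and all DNS answers are constructed inline so nothing touches the network.

```python
"""Added example, not from the original post: a stand-in for dnsmasq's
stop-dns-rebind check, showing why 127.0.0.x DNSBL answers disappear and
how rebind-domain-ok lets them through. All answers are constructed."""
import ipaddress

# Listing codes returned by zen.spamhaus.org, per Spamhaus' documentation
# (not taken from the post): the post's 127.0.0.4 and 127.0.0.11 answers
# mean the sender is on both the XBL and the PBL.
ZEN_CODES = {2: "SBL", 3: "SBL CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
             10: "PBL (ISP)", 11: "PBL (Spamhaus)"}

def dnsbl_qname(sender_ip: str, zone: str) -> str:
    """Build the DNSBL query name: the sender's octets reversed, under the zone."""
    octets = ipaddress.IPv4Address(sender_ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone + "."

def rebind_filtered(qname: str, answer: str, ok_domains) -> bool:
    """Approximation of dnsmasq's rebind check: an upstream answer in
    loopback/private/link-local space is dropped unless qname is in, or
    under, a domain listed with rebind-domain-ok."""
    addr = ipaddress.IPv4Address(answer)
    if not (addr.is_loopback or addr.is_private or addr.is_link_local):
        return False  # public address: never filtered
    name = qname.rstrip(".").lower()
    return not any(name == d or name.endswith("." + d) for d in ok_domains)

def resolve(qname: str, upstream: dict, ok_domains) -> list:
    """What the MTA sees through dnsmasq: only answers that survive the filter."""
    return [a for a in upstream.get(qname, [])
            if not rebind_filtered(qname, a, ok_domains)]

def classify(answers) -> list:
    """Translate surviving 127.0.0.x answers into Zen listing types."""
    return [ZEN_CODES.get(int(a.rsplit(".", 1)[1]), "unknown") for a in answers]

# Constructed upstream answers matching the post's working nslookup.
QNAME = dnsbl_qname("187.75.83.45", "zen.spamhaus.org")
UPSTREAM = {QNAME: ["127.0.0.4", "127.0.0.11"]}
# The post's rebind-domain-ok list, plus spamhaus.org for the zone queried here.
OK_DOMAINS = ["rfc-ignorant.org", "sorbs.net", "uribl.com", "surbl.org",
              "dnswl.org", "njabl.org", "spamhaus.org"]

if __name__ == "__main__":
    print("no whitelist:  ", resolve(QNAME, UPSTREAM, []))          # []
    print("with whitelist:", resolve(QNAME, UPSTREAM, OK_DOMAINS))  # both answers
    print("listings:      ", classify(resolve(QNAME, UPSTREAM, OK_DOMAINS)))
```

Dropping spamhaus.org from OK_DOMAINS reproduces the "No answer" result from the first nslookup, since neither 127.0.0.x answer survives the filter.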

NHL Fighting Poll – Why I love Imgur and the comments sometimes

ccmstrk17 476 points : 15 hours ago best report
–> Who was the bitch that said yes?
Studio1417 211 points : 14 hours ago
–> @ccmstrk17 Obviously Crosby. He wants to be able to pull hair without being punched in the face.

Fix for “Could not apply stored configuration for monitor” in Gnome 3

Prior to removing, you can verify that ~/.config/monitors.xml exists and has the configuration causing Gnome to show the error.

Open a terminal, and run the following:

[ -f ~/.config/monitors.xml ] && rm ~/.config/monitors.xml

That could also be a simple deletion of ~/.config/monitors.xml, but it’s more fun that way. :D

Student survey responses (almost) always make me smile

This quarter was a challenging one for me. I changed jobs and have a baby on the way, so I was struggling a bit with the class I teach part time at ITT. It is a new course, only the second quarter it has been offered, and some of the materials provided to me were … lacking.

I did something this quarter I’d never done before: out of sheer frustration for a lack of an answer key and very vague questions on the assignments, instead of the relatively strict grading I usually do, I on more than one occasion gave out 100% grades to those who turned in their homework. I felt bad about this because I felt like I was losing my integrity and doing those students who were turning in quality assignments a disservice.

But I digress. This post isn’t about what I felt like I failed at this quarter, it’s about the nice surprise I got when I looked over the student survey responses. Almost all of the responses (11 out of 14 students responded) marked “Strongly Agree” to the instructor based questions (e.g. “Can he control the class”, “Is he approachable”, “Does he encourage participation”).

And, the icing on the cake were these three comments, which literally made me smile. :)

It's nice to see that instructors still care about the students.

Mr. Moldvan is one of the best instructors I've had both at ITT Tech and any other school I've been to. He is fun to listen to and play but also knows how to keep control of the class to get to business and learn. He is very knowledgeable and if something is not known he will try to figure it out for you. Outstanding Instructor.

Excellent instructor. Looking forward to having Mr. Moldvan for future classes.

Edit: The “almost” in the title is just so I don’t jinx myself. I’m sure at some point in my teaching career I will receive a bad response, but (fingers crossed) it hasn’t happened yet.

Copy a file with progress in Linux

You’ll need the “pv” program, which will monitor status through a pipe. On my Fedora box at work this was easy, ‘yum install -y pv’ (apt-get should work, also, for Debian based systems, but I haven’t confirmed that).

From there, running "pv file1 > file2" gave me the following:

[user@system Downloads]$ pv Windows8-ConsumerPreview-64bit-English.iso > /media/6330-3630/download/Windows8-ConsumerPreview-64bit-English.iso
1.24GB 0:02:49 [5.03MB/s] [=============> ] 37% ETA 0:04:46

Yes, I have downloaded the Windows 8 Consumer Preview for use on my Dell Mini Duo. If there are any gotchas there I’ll write more about that in a separate blog post. Or maybe I’ll write about how flawlessly it worked. LOL ;)

Another good use of pv is the following, which will restore to mysql from an SQL dump file (tip from here):

# pv database_backup.sql | mysql my_database
96.8MB 0:00:17 [5.51MB/s] [==> ] 11% ETA 0:02:10

Coming to you live from moldvan.com … also, WTFPL

Well, sort of live anyway. I purchased moldvan.com to make my e-mail addresses shorter and set up the forwards in Sendmail, so that works okay now. Since the changes to my A records haven’t propagated yet, moldvan.com on the web side still forwards to matthewmoldvan.com. Oh well.

Another funny thing I found while digging through the imapsync source for work is the following:

imapsync is free, open source but not always gratis software covered by
the Do What The Fuck You Want To Public License (WTFPL).
See COPYING file included in the distribution or the web site
http://sam.zoy.org/wtfpl/COPYING

Opening that URL gives the following:

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2004

 Copyright (C) 2004 Sam Hocevar 

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. You just DO WHAT THE FUCK YOU WANT TO.

Well said, sir.

Wide Open West does it again …

Years ago Wide Open West started offering cable and internet service in Grosse Ile, where I was living with my parents at the time. Back then we had 2Mbps service if I recall correctly, and they had just recently been rolling out 5Mbps service in our area. Out of nowhere, WoW sent us a letter informing us that we would be upgraded to the new 5Mbps service for … nothing. That's right, they upgraded our service for free.

This was my first great experience with Wide Open West. They were a relatively new company competing with Comcast at the time, so I just shrugged it off as a ploy to win customers. Comcast, like a bad girlfriend, had constantly reminded us as customers how misleading a relationship can be.

My distaste for Comcast grew when I lived in an apartment in Royal Oak. I signed up for what was a great deal at the time: $60 or so for their “Double Play” package consisting of cable and internet. Although I had been hurt by Comcast in the past, unfortunately I had no other provider available at our apartment complex. I had to swallow my pride and just hope they wouldn’t screw me over again. When our six month honeymoon ended, Comcast reminded me of why I wanted so badly to ditch them as a company forever; the bill shot up to $110/month, with no additional anything.

Fast forward about four years, and I finally bought a house. Because of my previous good experience with WoW, I sprung for the fast internet (15Mbps) and cable package, and have been happy with them for quite a while.

If you know me, you know I'm a big Detroit Red Wings fan. Just recently, there have been quite a few Wings games on the new NBC Sports channel (previously Versus), but unfortunately I did not have this channel as part of my package when I signed up a year and a half ago. It was $25 extra per month or so, and I just didn't want to pay that much extra.

Today, I was curious how much more the extra programming was going to be, so I pulled up Wide Open West’s website and checked their subscription packages. To my surprise I found that their new cable/internet package had all the channels I previously avoided along with 15Mbps internet for $85, or $92 for HD. From my previous experience with calling customer service and requesting upgrades, I knew I would have to arm myself with the facts and began furiously opening browser tabs with informational weapons for my upcoming battle.

I dialed the toll free number for WoW customer service, and was fully prepared to threaten cancelling my service, ask for supervisors, and in general ruin someone’s day. This is all of course because of my previous experience with cable companies.

After a minute or so on hold, I got to speak to someone and explained the situation. I expected trouble because the account is still in my girlfriend's name, but all they asked for was the last four digits of her social security number and carried on. The customer service rep. (CSR) asked me to hold, which led me to think "here we go, I'll be on hold for 10 minutes for them to tell me they can't do anything or it will be an extra $50 per month". After about 45 seconds, the CSR came back, and asked if $100 and some change per month would be okay.

I noticed that the new package only had 1Mbps upload, while I currently had 2Mbps upload speed. I asked if that would change, and the CSR told me that instead of repackaging our plan she would simply apply a discount and my bill would for the most part remain the same.

Amazed at how smoothly this had all gone, I was expecting to hear some bad news about how long it would be before I had access to the new channels. There is a game on tonight, and I was hoping to see it. Fully expecting to hear "24 hours" as the response to asking how long, I was instead told "Okay, you have the new service available immediately".

WTF? No additional fees? No waiting for someone to come out and dink with wires or 24 hours for them to “activate” the service? Why aren’t all cable companies like this?

Testing from Fedora 16 – Blogilo application

Looks pretty nice, actually … All I had to do was enable XML-RPC in WordPress (here's the dinner bell noise, hackers come and get it). Hopefully WordPress is relatively secure in its XML-RPC implementation.

Neat stuff, though.  This is why I love open source; I’m doing this all for 100% free and on a standards based application.  :D

Mounting an NFS share on the Seagate BlackArmor NAS 110

I had a hell of a time using the NFS options on the Seagate BlackArmor NAS, mostly because of the lack of documentation from Seagate regarding the options necessary to actually use the damn thing as an NFS share. In my mount options, I kept getting the error:
"Connecting to NAS volume:
Unable to connect to NAS volume : NFS Error: Unable to Mount filesystem: The mount request was denied by the NFS server. Check that the export exists and that the client is permitted to mount it".

This is of course because I was specifying the wrong path to the NFS share (because of the lack of documentation on the correct path). Well, after a few guesses, I finally figured out what was wrong and was able to mount the device as a data store in ESX 3.5. Basically the share name was :/nas/.

Of course they don’t tell you this anywhere in the documentation, nor did I find any forum posts or other results on the web about it.

So, hopefully this helps someone out there.

Fancy colors break grep

When I first saw the new fancy colors for the grep command in Linux in Fedora 15 I was happy to see they added colorizing for grep results. It seems to work fine on my Fedora system, but I saw some weird behavior on a CentOS 5.7 system.

I finally narrowed it down to /etc/skel/.bash_profile, which includes the line:

Line 16:
export GREP_OPTIONS=\'--color=auto\'

This file gets copied into all new users' home directories, and unfortunately causes nothing but issues: the backslashes make the quote characters part of the variable's value, so grep receives '--color=auto' (quotes included) as its pattern and treats the real pattern as a file name.

Check out this weird behavior:


[test@servername ~]$ env | grep bash
grep: bash: No such file or directory
[test@servername ~]$ unset GREP_OPTIONS
[test@servername ~]$ env | grep bash
SHELL=/bin/bash

I found this because one of the scripts I wrote used grep and started to fail. Absolutely NOTHING was working with grep, which is a HUGE problem. I wonder if anyone is aware of the problem … someone should probably file a bug report with CentOS or the grep developer or someone who cares. :P