May 13th, 2006

OK Computer

Greylisting

In the never-ending fight against spam, I'm testing out greylisting on my mail server at home. If you have not heard of greylisting, it's a technique that keeps a list of your mail server's "recently-seen" combinations of recipient address, sender address, and remote mailer IP. If your server hasn't seen that combination before, it returns a temporary failure (an SMTP 4xx response) to the remote server, which should cause the remote mail server to try the message again later. Your server adds this combination to the list, and when the remote system tries again, the message is accepted and this combination of addresses and IP moves from the greylist to the whitelist.

This stops spam because most spammers aren't using a real mail server. They're using software that blasts as many messages as they can at mail servers, and won't queue or retry or bounce if the remote server doesn't take the message on the first try.
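The triplet check described above, as an added Python sketch; it is not part of the original post and is not milter-greylist's code. The minimum retry delay and the expiry times are assumptions (the post does not give any), and the addresses and reply text are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed reply strings; only the 4xx/2xx class matters to the remote server.
TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.0.0 OK"

@dataclass
class Greylist:
    min_delay: int = 300           # assumption: a retry must wait this many seconds
    grey_ttl: int = 4 * 3600       # assumption: unretried entries expire after 4 hours
    white_ttl: int = 30 * 86400    # assumption: idle whitelist entries expire after 30 days
    grey: dict = field(default_factory=dict)    # triplet -> time first seen
    white: dict = field(default_factory=dict)   # triplet -> time last seen

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender, recipient)
        last = self.white.get(key)
        if last is not None and now - last <= self.white_ttl:
            self.white[key] = now              # known-good triplet: accept at once
            return ACCEPT
        self.white.pop(key, None)              # drop a stale whitelist entry
        first = self.grey.get(key)
        if first is None or now - first > self.grey_ttl:
            self.grey[key] = now               # new (or expired) triplet: start the clock
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL                    # retried too quickly, keep deferring
        del self.grey[key]                     # a real retry: promote to the whitelist
        self.white[key] = now
        return ACCEPT

def simulate():
    """Constructed traffic: a queueing mail server versus a fire-and-forget sender."""
    gl = Greylist()
    mta = ("192.0.2.10", "noreply@shop.example", "me@home.example")
    bulk = ("198.51.100.7", "offer@bulk.example", "me@home.example")
    return [
        gl.check(*mta, now=0)[:3],      # first contact is deferred
        gl.check(*bulk, now=5)[:3],     # deferred, and this sender never retries
        gl.check(*mta, now=60)[:3],     # retry inside min_delay is still deferred
        gl.check(*mta, now=1800)[:3],   # retry after 30 minutes is accepted
        gl.check(*mta, now=1900)[:3],   # later mail on the same triplet passes at once
    ]

if __name__ == "__main__":
    print(simulate())
```

The sender that never retries stays on the greylist until its entry expires, so its message is never delivered, while the queueing server pays the delay only on first contact.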

I've been running this for about half a week now, and it's drastically cut down on the amount of spam I get. The downside, though, is that if I forget my password at some web site and have it mail the password to me, I won't get the message for 30-60 minutes, depending on how frequently their mail server retries. We'll see if greylisting is worth that price.

There are lots of greylisting implementations available. I'm using milter-greylist for Sendmail, on Solaris.

Solaris 10

Since we've been upgrading some systems at work to Solaris 10, I decided to upgrade my home system to Solaris 10 as well (from Solaris 9). One of the very cool features of Solaris is live upgrade. If you have a spare disk in your system, you can clone the boot disk, upgrade that copy while the system continues to run, then boot from the upgraded copy whenever is best for you. And if you don't like it, you can back out by booting off the other disk. We used this method at work (breaking the boot disk's mirror to get a spare disk) to save on downtime, so I decided to use it at home too, not that downtime is critical.

One thing that made my upgrade a whole lot easier is that I use the built-in Solaris Volume Manager, whereas at work we use Veritas Volume Manager (VxVM). VxVM is super-cool, but one of the downsides is the lack of integration into Solaris. Live upgrade can't handle VxVM-encapsulated disks, so with VxVM the upgrade procedure gets bloated by a lot of "undo this, undo that, undo the other" at the start and "redo this, redo that, redo the other" at the finish. After doing that several times at work, it was refreshing to watch live upgrade "just work" with my home system's volume manager configuration.

On a related note, the second edition of the Solaris Internals book, updated for Solaris 10, is coming out. I have the first edition, which is getting a little dated (it's based on Solaris 7, which came out in 1998). I am definitely going to need to get a copy of this book.