Mail

Let's Encypt SSL Certificates with Exim, Dovecot & NGINX

I ran into two issues when setting up Let’s Encrypt SSL certificates on two of my servers - permission issues for Exim and the certbot cron job supplied by the package doesn’t handle the renew very well for nginx, exim or dovecot. Resolving Exim’s Permission Problems 1. Create a new group. I named it sslcerts. Add the exim user to that group. If you’re not using Debian, adjust the user in the command below.

Script: Parse Mail Headers

Here’s a perl script I put together that uses Email::Simple to extract the headers from a message. See link below. I’m using it to examine spam. It parses all the headers, with a focus on the Received headers. It should be easy to alter it to examine any header you want. As it is currently written, it: finds all the Received headers finds the first Received header that was added to the mail (presumably the header added by the first MTA that received it) extracts the IP from that header does an rDNS lookup if there’s a hostname, it looks up the nameservers for the base domain.

Possible Android Botnet and Yahoo! Mail

I’ve read a number of articles over the past few days about the possible Android botnet and Yahoo! mail. No consensus yet but that’s not necessary to stop the spam at the server level, at least in my case. Of the spam I received so far, these characteristics stand out: Only one of my mail accounts is receiving the spam. It’s not an account that usually receives spam. My long-time mail addresses that seem to have made it to most of the spam lists don’t get this spam.

Fighting Spam and Malicious Attacks

Geez. I’m feeling somewhat frustrated in dealing with an ISP that has a clearly compromised IP. I’ve been getting dictionary attacks on my mailserver for the past four days from the same IP. It’s assigned to a domain name. So I did what I normally do at first - let CSF (ConfigServer Security & Firewall - a fantastic free piece of software) handle it. The IP gets blocked for an hour.

Legitimate Companies Who Market by E-Mail - Food For Thought

I’ve just gone through a boatload of “pseudo”-spam. Pseudo-spam is what I call legitimate e-mail that, when using a vanilla installation of Spamassassin, is marked as spam solely through the e-mail creator’s carelessness, thoughtlessness, whatever adjective you want to use (I refrained from using stupidity although I desperately wanted to). This morning, 25% of the number of e-mails that were classified as spam were actually legitimate. After analyzing the Spamassassin rules that were triggered, many rules were needlessly fired.