mailq's questions

I have hashed and salted passwords in OpenLDAP for login via PAM in Linux. The setup works when the hashes are of type SHA-1 (salted or unsalted) or plain text. In these cases everything works fine and a user can login with these credentials.

If I switch to salted SHA-256 (SSHA-256) passwords, then the user can't login with the correct password. Probably pam_ldap does not understand SHA-256? I can't find any documentation stating this restriction, but also can't find configuration examples showing that it is possible.

What do I have to do? Configure/compile pam_ldap for SHA-256? Use something else than PAM?

I am forced to use salted SHA-256 as the credentials are already present in another (leading) datastore and have to be synchronized to OpenLDAP.

I've got a one-node Cassandra cluster which is currently stuck in a major compaction process. After executing a nodetool compactit started the compaction and I see the tmp-sstable files with a size of 0 bytes. But that's all. No progress for hours.

I already stopped the Cassandra service, but after a restart it continued the compaction again without progress. A nodetool compactionstats shows 0,00% progress and a remaining time of six minutes. But I already waited 24 hours. In the meantime I stopped all readers and writers without seeing any difference.

The version I use is 2.1.2. I already tried with OpenJDK 7 and with Oracle's Java 7, but no difference.

The logs show no indication of OOM or any other exception or warning.

I'm not sure if it is of any help, but I currently migrate away from Cassandra as it doesn't fit my needs. So I delete a lot of data which has been migrated. There are many rows with several hundred up to a few thousand columns. But there are a handful rows with a million of columns. They now have a lot of tombstones in them due to the migration (deletion) process.

Any help in how to debug the issue are welcome.

I notice a lot of spammy looking e-mails from suspicious sources. They are not real spam but are unsolicited. You can identify them by containing these headers:

X-Mailer-LID: 5
List-Unsubscribe: <http://example.com/unsubscribe.php?M=605065&C=b9fd2d5e30ef6ba9f399d0536f293b69&L=5&N=4>
X-Mailer-RecptId: 605065
X-Mailer-SID: 4
X-Mailer-Sent-By: 1

Does anyone know the software that generates those mails? They are sent out afterwards via real MTAs like Postfix or Exim.

If one could verify the software you can use that information for spam filtering.

I'd like to know how to configure amavisd-new to only scan for Spam on particular clients (IPs, CIDRs or hostnames) or alternatively sender's email domain.

I know that it is possible to do it on a recipient's mail address but not on how to do it for the sender's mail address. It is even possible to do it on a recipient's IP address with policy banks. But my approach should be to be independent of recipient and only relay on the sender.

What I want to accomplish is to only scan mails originating from Yahoo, Google, Hotmail and the other big senders. So it is easier to configure which senders should be observed than the ones that shouldn't.

I known that it is easier to achieve on the MTA side, but that is not part of the question because I already go a solution on the MTA side. I want to do it on amavisd-new. And it doesn't help to know how to put senders on a whitelist, as this still means that the mail goes through all the scanning but then gets a high negative score. The mail shouldn't be scanned at all unless sent by the big players.

So which parameters in amavisd-new is the right one to enable scanning for particular senders and only for these?

Currently I have a number or domains that are set up as Email Spam traps. So if I get mails on that domains I can be certain that it is ~100% Spam. I'm using this information to temporarily defer message delivery from spamming IPs on my real Email domains. I can also use the Spam mails to improve Bayesian filtering and identifying brand new viruses before they hit my real inboxes.

This procedure is only effective when I get many Spams on the Spam traps. So the question is how can I generate more Email traffic on the Spam trap domains?

I'm not going to register Spam traps at dubious newsletter senders as this would increase the false negative rate. And it would also need too much manual work to register hundreds of addresses.

Trying to publish the Spam trap addresses on Websites also failed. I have millions of addresses published and they got harvested but not used for spamming. It takes weeks and months until you get a noticeable amount of Spam on these addresses.

I'm not going to publish these Spam traps on forums and guestbooks as this would mean fighting Spam by spamming the web.

What I'm now looking for are ways how I can "accidentally" reveal hundreds and thousands of Email addresses so that Spammers pick them up and use them in their campaigns. But if someone can give me advice which other methods are good to attract Spammers I will appreciate this.

Anwering Miles' suggestions:

• Mark's only points out how to set up good sites for harvesting and what to do with the fetched Spam. But as I said I already have these pages which are not harvested enough

• Phil's experiment is too old. His approach was appropriate until 2004 and in a way until 2006. But then Spammers changed their methods drastically.

  1. Using external services as Craigslist or guestbooks counts as spamming in my opinion and so is not a valid option.
  2. This is poisoning of half-legitime newsletters and increases the false negative rate.
  3. I already have two servers that are pretending to be open proxies. But as they are not a real open proxy I can see that spammers do testing attempts. These test mails are not returned to them and so they see that it is only a fake open relay. So they avoid these servers for their tasks.
  4. Twitter gets only be crawled for tweets with special keywords. These accounts are then followed and used for twitter spamming. But not for email spamming.

Currently I have a btrfs mount point with a structure like this:#

/mountpoint/month/day/hourAs24/

and each leaf directory contains between 5,000 to 20,000 small files. There I keep the files for two month. Each day I remove the directory older than 60 days with the command

rm -R /mountpoint/month/day/

This command takes ages to run and the load on the server is extremely high while the command runs.

Would it be better to create btrfs subvolumes under /mountpoint/month/ for every day and then purge the subvolumes in one single command?

Are there any other fast and lightweight solutions to get rid of the files under one btrfs directory in a single command?

Edit: To clarify the situation. In the structure the folders month, day and hourAs24 are variables that are substituted by the correspondent values of the current date-time.

Edit after solution: It works smoothly on my test machine. And all of the following works live with the mountpoint mounted! First I create normal directories for each month with

mkdir /mountpoint/month

Then I create btrfs subvolumes for each day of month with

btrfs subvolume create /mountpoint/month/day

then I create the normal directories for each hour of day with

mkdir /mountpoint/month/day/hourAs24

And after 60 days I can easily purge the directory of the day

btrfs subvolume delete /mountpoint/month/day

(Now I have to wait 60 days to see the performance on the production server)

I want to setup a special SMTP environment: two different SMTP servers that should be transparently accessed from SMTP clients.

Let's say I have a RFC compliant Postfix running at 192.168.0.1:25 and a RFC ignoring server fooling clients at 192.168.0.1:2525.

Now I want the following. Most connections should be handled by Postfix as it is listening on the correct port. But with different iptables rules I currently REJECT/DROP connections due to RBL listings, abusive behavior or exceeding limits; just to reduce the load on the Postfix server. Now I no longer want to DROP them, but instead forward the connections to port 2525. The second server is to act as a tarpit and then defer/reject the mails.

I can't figure out how to forward connections depending on other iptables rules that are in the INPUT chain. There I use xt_recent and limit filters to dynamically decide between ACCEPT and DROP.