Seegras Logbook

Sometimes you get pearls of germanified english, such as the following:

You have already used all available Mailinglisten. To get more, you have to update to an extensiver product.

Well, since there exists a word for the same done with japanese, “engrish”, namely, I propose henceforth to use the term “gremlish” (being one of the only pronouncable mixtures of “german” and “english”; as well as referring to little critters doing mishap) for things like this.

It’s not exactly Mock German but something produced by (somewhat) english-speaking germans who either apply german grammatical rules to english texts, or who use german words in an “englified” form in english texts. Hence “more extensive” may become “extensiver” or “mailinglists” may become “mailinglisten”.

Man stelle sich vor, ein weltweiter Markt, ohne Schutzzölle, ohne Handelshemnisse, ohne Protektionismus, ohne Subventionen!

Gute Idee. Die Frage ist, wann kommt er? Und wann werden diese Hindernisse endlich abgebaut? Es stellt sich beim näheren Hinsehen nämlich heraus das genau die Proponenten dieser Globalisierung Ihre grössten Feinde sind!

• Subventionen: Natürlich kann ich billiger produzieren indem ich in China meine Umwelt versaue. Effektiv subventioniere ich mit Schäden an öffentlichem Gut meine Exportartikel. Das betrifft nicht nur das Beispiel China, sondern es betrifft auch den Internationalen Transport; da werden mittels nicht-besteuerung von Treibstoff die damit angerichteten Schäden an die lokalen Steuerzahler abgewälzt. Dies ist auch National der Fall, das schweizer Bundesamt für Verkehr hat ausgerechnet dass der Benzinpreis um SFR 2.50 erhöht werden müsste um nur schon die Schäden und Kosten abzudecken die der Steuerzahler jetzt schon bezahlt (in Form von Gesundheitskosten, Unfällen, Aufforstung, Umweltkatastrophen, Trockenheit usf.).
• Schutzzölle: Es ist ja durchaus verständlich wenn man Wegzölle erheben möchte, um .z.b. zum Erhalt von Verkehrswegen beizutragen. Es ist bedingt sogar verständlich dass man Zollkontrollen machen möchte um die Einfuhr unerwünschter Waren zu verhindern. Was aber nicht verständlich ist, ist dass diese Globalisierungsgegner vom Zoll irgendwelche Pakete (deren Inhalt sogar deklariert ist) öffnen, die Verpackung mittels Klebeband wieder zusammenbauen und dabei von eckiger in runde Form bringen, die Zustellung eine Woche verzögern, bei 100 SFR Warenwert SFR 6.25 Zoll draufpappen und dafür auch noch SFR 30 Bearbeitungsgebühr verlangen. Was für ein immenser Aufwand um ein Handelshemniss darzustellen!
• Patente: Das Allergrösste ist ja dass die WTO, die sich selber die Globalisierung auf die Fahnen schreibt, gleichzeitig der grösstmögliche Globalisierungsgegner darstellt wenn es darum geht irgendwelche Monopole zu schützen, und entsprechende TRIPS und WIPO-Abkommen in der ganzen Welt gegen jeglichen lokalen Widerstand versucht durchzuprügeln.
• Copyright: Etwas ganz ähnliches wie Patente, nur wir hier ein Verwertungsmonopol gegeben statt allen anderen das Verwertungsrecht zu nehmen. Hier geht es um Monopole, deren Geltungsbereich von ursprünglich 14 Jahren nach Erscheinen des Werks in letzter Zeit auf 70 Jahre nach dem Tod des Autors aufgeblasen wurde. Und was versuchen die Globalisierungsgegner von der WTO durchzuwürgen? Natürlich, die grösstmöglichen Monopole die irgendjemand haben könnte. Das Maximalmonopol soll als Internationaler Massstab durchgesetzt werden.
• Parallelimporte: Was anderes als eine Monopolvergabe ist ein Verbot von Parallelimporten? Wie kann es dazu kommen das solche Verbote noch im 21. Jh. erlassen werden? Wie kommt es dass irgendwelche Globalisierungsgegner es wagen dürfen einen Datenträger mit “Regionalcode” zu versehen?

Scheinbar geht die Globalisierungsfreundlichkeit nur soweit wie es den eigenen Vorteil, oder besser gesagt, den Vorteil von irgendwelchen schon bestehenden Monopolisten betrifft. Meine Herren, das nennt man nicht “Globalisierung”, das nennt man “Merkantilismus“!

The world economy doesn’t like trade-barriers, protective tariffs and other obstacles of free trade. They only benefit domestic monopolies, but hurt nations and the world economy as a whole. But the biggest, all-encumbering of those are not even disputed, they are sought to be enforced globally on a ever wider-reaching scale. They’re patents.

Patents serve the holders to get a monopoly on the production of a good, but they don’t grant it, they just grant that others are unable to produce it (without paying the holder, that is). The original idea was that they should foster innovation; but this has proven to be wrong. History tells a different story. From the swiss pharmaceuthical industry, which developed until 1954 (where patents on processes were legalized) without patents at all, and only got patents on products in 1977, to the thriving italian pharmaceutical industry which was in fact annihilated in 1978 when italy allowed patents on products. No patents definitly don’t mean no innovation: in the mid-ninteenth century, switzerland held the second highest number of exhibits per capita on the World Fairs. Plus received disproportionate shares of medals for outstanding innovations.

In the last few decades, patent-protection was ever made stronger, and the effect is that patent-litigation has overtaken patent-licensing by a factor of five in every field but pharmacy and chemistry. Innovation at Risk: The empirical case that today’s patent system discourages innovators—and how it might be fixed documents this. This means, in clear language: Every field of endeavour apart from pharmacy and chemistry would be much better off without patents at all. Still, lawyers and people obviously against globalization continue to try to make patents even stronger, lobby hard to get even more rents and even more rights for patent-holders.

Though the patent-system works in pharmacy and chemistry, it’s only the system that works — but it’s not that the patents “promote science and innovation”, as set down in the reasons why patents should exist in the first place. In this case, patents are to blame for about 50% of our health-care costs. And the swiss federal counsel allowing the “patenting of gene-sequences” on pressure of the few biggest pharma-companies, and against any and all small biotech-companies, obviously only serves to increase the rent those big companies already get, and reads thus as “federal counsel decides on increasing the cost of health-care”. Either someone here was bought and paid, or we’re ruled by neanderthals.

Why can organisations such as the WTO, which claims to stand for “free trade” sanction something like the TRIPS-agreement which tries to plaster the world with monopolies? The absolute anti-thesis of free trade?

Patents are simply an anachronism which has to be abolished better sooner than later; otherwise they will continue doing damage, no matter how much we fight the symptoms of “submarine patents” or “patent trolls”. For pharmacy and chemicals, we need to change some of the rules for the tests of the drugs first, in order to take some (state-mandated) burden off the companies; but for all other fields, we can abolish them immediately.

If you think this article lacks substance, anecdotes or hard data, please read Against Intellectual Monopoly which covers all the mentionned topics in detail. It even goes further than that, it also argues that the other intellectual monopoly — copyright — should be abolished as well. I’m not quite sure whether this is a good idea, but copyright has grown like fungus in the last few decades, and there is certainly something very wrong with it as well. Forever Minus a Day? argues that copyright should last 14 years after creation, no more. And I’d be happy with these 14 years and throw in a
“renewable once for another 14 years” as a tradeoff, but I won’t agree to more than that. With patents, I won’t give in to anything else besides complete abolishment.

Since I spent so much time in finding out why the hell sshd kept crashing when I turned on ldap-support, other people might as well profit from it.

This is what happened after I turned on ldap-support in /etc/nsswitch.conf and /etc/pam.d. According to auth.log:

Jun 6 13:59:12 proto sshd[27433]: fatal: buffer_put_cstring: s == NULL

messages also knew something:

Jun 6 13:59:12 proto kernel: pid 27435 (sshd), uid 0: exited on signal 11
Jun 6 13:59:12 proto sshd[27433]: fatal: buffer_put_cstring: s == NULL

An sshd segmentation fault when trying to log in. According to what I’ve found in bug-reports, it does this if ldap.conf or nss_ldap.conf does not exist. Only these did exist in my case. debugging-output from nss_ldap turned up nothing, pam_ldap doesn’t even support a debug-flag: “This option is recognized by pam_ldap but is presently ignored.” Says so in the man-page. Thank you.

The key to it was revealed by putting in “debug 5” into ldap.conf and starting sshd with debugging:

# /usr/sbin/sshd -d -d -d
[snip]
ldap_ndelay_off: 7
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
debug1: do_cleanup
Segmentation fault: 11

Well, it seems you need either to use ldaps://servername and not ldaps://IP in ldap.conf so SSL knows which certificate needs to be used, AND it needs a correct certificate. On the other hand, if I just use ldap://servername without SSL, then local ssh works again, however I seem to have a problem with all the ldap-services.

Some debugging of an sshd core-file reveals the following:

#928 0x0806820f in sshpam_thread (ctxtp=0x8079f80)
at /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c:469
Previous frame inner to this frame (corrupt stack?)

Software Piracy (‘soft-“wer ‘pI-r&-sE): Robbery of software on the high seas; the taking of software from others on the open sea by open violence; without lawful authority, and with intent to steal.

Property, you see, is a tangible good. A natural monopoly. If you give it away, you don’t possess it anymore, you can’t sell it twice. And states and countries levy taxes on it.

Would you really want copy-able works of art to be “property”? I guess not. I could buy a copy (or the original, since it doesn’t matter, does it?) of your novel, reprint it and sell it cheaper. No. What you want is a monopoly, and this is exactly what you’ve got with copyright.

Even more detached are patents. Whereas with copyright, you’ve got a monopoly on usage of a given work, even if its not a natural monopoly, with patents you don’t even get that. You don’t have the right to implement a patent, you only have the right to exclude others from doing it. It is, in a sense, the opposite of “property”, a right to keep others from enjoying their property or their monopolies.

So maybe you should stop making analogies to “property”, or “thievery” or even “piracy” pertaining to said copyrightable work.

So what you are talking of is “Intellectual Monopoly”. Get used to it.

If you’ve got irresponsible people on your server who let their mailform get abused by spammers, you might end up on blacklists. This is what happens if your server lands on a blacklist of hotmail.com. Stupid “smart” quotes, excessive spaces and gracious html in the mails from Microsoft have been fixed.

After being directed to http://postmaster.msn.com/ you can fill out some form going to abuse@hotmail.com. Like this:

So you send mail to abuse@hotmail.com:

Hello, hotmail.com is blocking mails from [IP]. We’ve deactivated formmail which was misused for sending spam. Please unblock [IP].

You get an automated reply:

Thank you for reporting spam to the MSN Hotmail Support Team. This is an auto-generated response to inform you that we have received your submission. Please note that you will not receive a reply if you respond directly to this message.

Unfortunately, in order to process your request, Hotmail Support needs a valid MSN/Hotmail hosted account.

We can help you best when you forward the spam/abusive mail as an attachment to us. The attachment should have full headers / message routing information displayed. This means that the complete “From” address of the offending message should be displayed. If you need help to do this, please visit the following website:

http://safety.msn.com/articles/junkmail.armx

If you have deleted or no longer have the message, you can still resubmit your report by sending the name of the violating MSN/Hotmail hosted account and a description of your concerns. If your submission does not involve a third party, please include your own account name in the body of your message along with the description of your concerns so we can process your report.

For further instructions on how to submit spam and abusive emails to Hotmail, please visit:

http://postmaster.msn.com/cgi-bin/dasp/postmaster.asp?ContextNav=Guidelines

For more information about MSN Hotmail’s efforts and technologies used to fight spam and abusive e-mails please visit:

http://postmaster.msn.com/cgi-bin/dasp/postmaster.asp?ContextNav=FightJunkEmail

Well, you go to http://postmaster.msn.com/ and fill out the form:

Service: MSN Hotmail
What type of problem do you have? I need something fixed [Other]

Full Name:Peter Keel

What e-mail address would you like a response sent to? abuse@mydomain

Primary e-mail address/member ID associated with the account you are inquiring about:

Be specific when describing your problem. The details that you include
enable us to promptly send you the most likely solution to your issue.

On the 14.1 a user on [IP] sent out spam, with which we dealt on the 15.1.

A week later, you’re still blocking [IP], and we and our other
users would be obliged if you could unblock the server.

Frequency of the issue: Always present

How do you access your Hotmail account? Other

Who is your ISP? Other

Type of Internet connection: Other

Have you recently installed any new software (if you enter yes please
add more comments in the text box above)? No

Suprise, It’s answered by a person:

Hello Peter,

Thank you for writing to MSN Hotmail Technical Support. My name is Jervin and you mentioned that a Hotmail user is being blocked from sending messages. I understand how important it is for you to have this concern attended immediately.

I have checked the IP address [IP] associated with this account and found it to be functioning properly. The user should be able to send any e-mail message to any address without problems.

Please try to send a test e-mail message and see if you will still encounter the same issue. If for some reason the issue persists, kindly reply and provide a copy of the bounce message you have received after sending the test email. Please also provide the MSN Hotmail account in question.

As one of our valued customers, your satisfaction is one of our primary concerns. Thank you for using MSN Hotmail.

Sincerely,
Jervin
MSN Hotmail Technical Support

He didn’t understand what I was talking about. Reply:

Hello

“MSN Hotmail Support” wrote:
> I have checked the IP address [IP] associated with this
> account and found it to be
> functioning properly. The user should be able to send
> any e-mail message to any address without problems.

… Its the other way round…

> Please try to send a test e-mail message and see if you will still
> encounter the same issue. If for some reason the issue persists, kindly
> reply and provide a copy of the bounce message you have received after
> sending the test email. Please also provide the MSN Hotmail account in
> question.

This is one of _hundreds_ of rejects from today:

2007-01-23 14:36:50 1H9LpS-0002xm-Hu < = user@server41.mydomain
U=user P=local S=978
2007-01-23 14:36:51 1H9LpS-0002xm-Hu ** some_user@hotmail.com R=lookuphost
T=remote_smtp: SMTP error from remote mail server after MAIL
FROM:user@server41.mydomain SIZE=2033: host mx3.hotmail.com
[65.54.244.72]: 550 Command rejected for policy reasons. For troubleshooting
information, go to http://postmaster.msn.com
2007-01-23 14:36:51 1H9LpT-0002xw-H7 < = <> R=1H9LpS-0002xm-Hu U=mailnull
P=local S=2076

And of course, it does not just concern that one user of yours, but dozens.

Kind regards

Peter Keel
System Administrator

And I get another answer:

Hello Peter,

Thank you for writing back to MSN Hotmail Technical Support. My name is Angelie and I have read your e-mail exchange with Jervin regarding your issue on not being able to send e-mail to Hotmail users because your message bounced back to you. I know how important it is to have your concern attended to immediately.

Peter, in order to help you with your issue, please visit our Postmaster site at http://postmaster.hotmail.com/Troubleshooting.aspx. This site provides troubleshooting information to those who are having issues sending e-mail messages to Hotmail. If you need further assistance with your e-mail delivery issues, you need to click on the second “here” link under “Sender services, tools, and issue submission” or submit the necessary information at: http://support.msn.com/eform.aspx?productKey=edfsmsbl&page=support_home_
options_form_byemail&ct=eformts

I appreciate your understanding and patience.

Sincerely,

Angelie
MSN Hotmail Technical Support

I fill out this new Form:

Service: Sender Information Form

What type of problem do you have?

Primary company contact name: Peter Keel

Primary company contact email address: abuse@mydomain

What domain are you sending from? various

What are the IP addresses of your outbound mail server (as seen by the receiving mail server)? [IP]

Is your server dedicated or shared? Dedicated

What ISP are you using? Ourselves, we’re an ISP

What OS are you using? FreeBSD

What mail transport software are you using? Exim

What mailing list management software are you using? irrelevant

How are bounce messages (non-delivery reports) handled by your system? delivered to the sender

How frequent are your mailings? does not apply

What are the volume of your mailings? does not apply

What are some of the accounts on Microsoft’s systems that you are attempting to send mail to? some_user@hotmail.com and probably hundreds more.

Do your SMTP logs show any failed transactions when attempting to send
to addresses at MSN, MSN Hotmail or other MSN Services? If so, include
those entries here.
2007-01-23 14:36:50 1H9LpS-0002xm-Hu *= user@server41.mydomain
U=user P=local S=978
2007-01-23 14:36:51 1H9LpS-0002xm-Hu ** some_user@hotmail.com
R=lookuphost
T=remote_smtp: SMTP error from remote mail server after MAIL
FROM:*user@server41.mydomain* SIZE=2033: host mx3.hotmail.com
[65.54.244.72]: 550 Command rejected for policy reasons. For
troubleshooting
information, go to http://postmaster.msn.com

Can you telnet to port25 of mx1.hotmail.com from your mail server(s)? yes

Can you traceroute to 216.32.183.201 from your mail server(s)? yes

Please copy/paste samples of a few of the messages you’re sending – including full headers – as seen by your recipients. forget it. I’m not going to sift those out of the queue

In what manner(s) are recipients added to your mailing list(s)? does not apply

Provide the URL of your web site. does not apply

Provide the URL of your Privacy Policy. does not apply

Provide the URL at which users opt-in to receive your mailings. does not apply

Provide the URL at which users may choose to permanently unsubscribe from your mailing list. does not apply

Are you currently a Return Path client? No

Are you Sender Score Certified? No

Do you publish Sender Policy Framework (SPF)/Sender ID records for your IP? Yes

Do you use separate IPs for your transactional vs. promotional/subscription marketing communications? No

Are you in the Junk Mail Reporting Partner Program? No

Do you use Smart Network Data Services? No

And I sent a Mail:

Hello

“MSN Hotmail Support” wrote:
> Peter, in order to help you with your issue, please visit our Postmaster
> site at http://postmaster.hotmail.com/Troubleshooting.aspx. This site
> provides troubleshooting information to those who are having issues
> sending e-mail messages to Hotmail. If you need further assistance with
> your e-mail delivery issues, you need to click on the second “here” link
> under “Sender services, tools, and issue submission” or submit the
> necessary information at:
> http://support.msn.com/eform.aspx?productKey=edfsmsbl&page=support_home_
> options_form_byemail&ct=eformts

Alright, I did.

Still, the problem is a simple as it can be: Hotmail deliberately blocks Mail sent by SMTP from [IP]. Would you just please unblock that IP?

Regards

Peter Keel
System Administrator

Now I’ve got two answers, one on the form, the other on the mail,

Hello Peter,

We have identified that messages from your IP (<ip>) are being filtered based on the recommendations of the SmartScreen filter. SmartScreen is the spam filtering technology developed and operated by Microsoft. SmartScreen is built around the technology of machine learning. SmartScreen’s filters are trained to recognize what is spam and what isn’t spam. In short, we filter incoming emails that look like spam. I am not able to go into any specific details about what these filters specifically entail, as this would render them useless.

However, we also base our spam rating on the reputation of the sender. One way to positively impact the reputation of your IP is to obtain SPF/Sender ID records. This technology allows SmartScreen to better track emails from your IP, weeding out spoofed messages. You can find additional information on creating SPF records at http://www.microsoft.com/senderid

Please confirm that your emails comply with MSN Hotmail’s technical standards. This information can be found at: http://postmaster.live.com/Guidelines.aspx http://advertising.msn.com/adproducts/Email_TechStd.asp

It will also be helpful to send example emails to randomtestacct@hotmail.com from your MTA so that we can examine the types of emails that you send. This will help me in our investigation. When you do this please send me the subject lines of emails you have sent. Please make sure that these emails are functionally similar to the types of emails that originate from your system, as any deviation from this may hinder our ability to investigate your problem. Do not use the word, “Test” or anything that would change the email from the original message that was initially sent to Hotmail Customers.

I hope that the information that I have provided to you has been helpful. You may also be able to find additional information on common delivery questions at the Hotmail Postmaster Site found at: http://postmaster.msn.com/. I would like to highlight some key areas which I believe are appropriate to your company.

* Hotmail has created the Smart Network Data Services program. This is a service that helps legitimate email senders work with their customers and partners to reduce spam originating from their IP. http://postmaster.msn.com/snds/ This program allows a sender to monitor the “health” of their IPs.

* I would also strongly recommend that you authenticate your outbound email via Sender ID and publish your SPF records for your outbound email IPs and register with Sender ID. You can find additional information at http://www.microsoft.com/senderID or you may email senderid@microsoft.com for support. Please note that technical standards (RFC 4408) discourage use of “ptr” for performance and reliability reasons.

* Monitor user complaints. Hotmail also has a sender complaint feedback loop program Junk Email Reporting Program (JMRP). Enrollment in this, free of charge, program will benefit you as a sender as it will keep your e-mail lists updated and populated with interested MSN Hotmail Customers. Participation in this program will remove those MSN Hotmail Customers who do not want to receive e-mails from your company. If you are interested in joining this program please email HMJMRX@microsoft.com

While using the SNDS tool, enrollment in the JMRP or having your IPs registered with Sender ID will not allow emails from your mail servers to bypass our filters, these are in place to help legitimate companies deliver their emails to Hotmail Customers.

* SenderScore Certified Mail Program. Many legitimate mailers and marketers have qualified and joined this “white listing” program to improve mail deliverability and decrease email from being filtered to the Junk E-mail Folder. Sender Score is a third party program,
administered by Return Path. Sender Score (www.senderscorecertified.com) is the only White Listing service to which we subscribe.

The troubleshooting steps in this email are recommendations only. Microsoft makes no guarantees that following these steps will guarantee deliverability to MSN, Hotmail, or Live.com customers.

Thank you,

Tyler
MSN Hotmail Domain Support

Dear Peter,

Thank you for writing back to MSN Hotmail Technical Support. This is Noel and I am writing in response to your request to unblock your IP [IP]. I understand how important it is to have this IP unblocked since most of your e-mail subscribers are not able to send e-mail
successfully to our accounts. I am sorry for the inconvenience this may have caused you.

Peter, I would really like to this for you since unblocking is such a simple task. However, I would like to guide you that our technical facility does not provide this option. Unblocking of IP or removing them from Blacklist and adding them to Whitelist, are done by the Domain
Delivery Support Team. In as much as I would like to remove the IP [IP], I am not able to do so since we do not have access to the Domain Delivery Support Team facility.

To correct this, kindly ask assistance from the Domain Delivery Support Team. Visit our Postmaster site at http://postmaster.hotmail.com/Troubleshooting.aspx. The e-mail address they will be sending the answers to, is also specified on that page. Please accept my apologies for not being able to assist you fully.

On behalf of our entire Hotmail staff, a heart-felt appreciation for your understanding.

Sincerely,

Noel
MSN Hotmail Technical Support

In other words, back where I started. And I’m not talking to employees of that company again. They’re all very polite, mostly clueless, apologetic and in any case can’t solve a problem which takes takes one line from me (“please unblock [IP]”) and one word from the admin (“Done”) of another big mailservice.

Addendum: Seems that this problem is more widespread than I thought: The Register: Hotmail Friendly Fire.

In fact, I can confirm this, I sent (nearly) identical mails from 60 servers to a hotmail test-address. The mails were sent with the envelope-from of an account and the server FQDN as domain, and the header-from of an other existing account on another server. This is what the outgoing-log says:

2007-07-18 14:35:58 1IB8l4-000Pti-IX < = testhost@server.domain U=root P=local S=449
2007-07-18 14:35:59 1IB8l4-000Pti-IX => testaccount@hotmail.com R=lookuphost T=remote_smtp H=mx1.hotmail.com [65.54.245.8]
2007-07-18 14:35:59 1IB8l4-000Pti-IX Completed

Some 15 of those 60 mails were classified as “Junk”. However, one of those mails never arrived, nevertheless the log clearly shows it was sent, and was accepted by hotmail. I sent another mail from the same server, which also did not arrive.

I finally decided to replace my Firewall, an UltraSparc 5 running Linux with something which is smaller, consumes less energy and produces less noise. I cam upon the PC Engines WRAP which is with 15x15x2cm considerably smaller than the Sparc. It has a serial port, three ethernet-ports and runs its OS from a Compact Flash II Card.

There’s a tutorial on Installing Debian on a USB flash with everything encrypted. After a first try, I decided to leave out the “encrypted” part, its complicated and I have no decent way of entering any passwords at boot.

For the WRAP, there some things which differ from some USB-media wich you have to take care of:

There is no real-time clock. Therefore you need to turn off the filesystem-check by time gone unchecked:

tune2fs -i 0 /dev/whatever


Clock-source should be pit or jiffies, with scx200_hrt I got me a running clock of a one-minute deviation per second.

echo pit jiffies > /sys/devices/system \
/clocksource/clocksource0/current_clocksource


You want to minimize writes on the Flash, thus you best put /var/lock, /var/tmp, /var/run and /tmp onto a tmpfs, as described in the above tutorial.

The Kernel sometimes is a bit too verbose, this will fix that:

echo 5 > /proc/sys/kernel/printk


It’s also slow, and the new apt feature to download diffs of the package-indices does heavily use disk and cpu to save bandwidth. Not a good idea in this case. Turn it off in /etc/apt/apt.conf:

Acquire
{
Pdiffs "false";
};


Finally, you might want a kernel which does only that which is needed, loads no modules (which puts the brake on some rootkits which want to install themselves as kernel-modules). You can try and err, but as it happens, somebody else (me) already did, so heres the .config for a pc engines WRAP, kernel 2.6.18 with the grsecurity kernel patch.

I took a further look at charsets in mail, in respect to what I need to receive, and what spammers use. In theory, a mailer should always use the least necessary charset, us-ascii that is, unless the user types some non-ascii sign, in which case it should use the ISO-8859 charset if appropriate, or UTF8. If you configured it to use, say 8859-1, and you type an umlaut, it sets the charset to ISO-88859-1, if you type a cyrillic character, it should use UTF8. If you configured ISO-8859-5, it should use this for cyrillic, and UTF8 if you type an umlaut. Simple. So you only need us-ascii, ISO-8859 and UTF8.

Now there are some braindead and/or obsolete mail-programs, which use different and outdated charsets. As it happens, you will have contact to people whose mails appear in a hodge-podge of non-standardized charsets, most notably windows-125X. Now, for a western-european german-speaking context, where most mails are either german or english, with some very little french or spanish thrown in, I did some statistics regarding the charsets of spam and ham.

This is a sample of 1220 legitimate Mails:

83.6% iso-8859-1
5.3% us-ascii
4.6% utf-8
4.5% iso-8859-15
1.5% windows-1252

The rest half percent is negligible and consists of some other iso-8859 charsets.

Now with spam, this looks quite different, the sample here are 6251 spam-mails:

15.5% iso-8859-1
39.5% us-ascii
00.6% utf-8
00.1% iso-8859-15
14.7% windows-1252

Now, where’s the rest? Its mostly a huge amount of the windows us-ascii replacement windows-1250, which is a completely superfluous charset:

23.9% windows-1250
1.5% iso-2022-jp
1.3% koi8-r
1.1% iso-8859-2
0.5% windows-1255
0.3% windows-1254

The remaining percent are japanese, chinese and russian charsets, plus the remaining windows-125X-charsets.

So now I can get rid of 25 percent of spam by not allowing chinese and other east-asian charsets, russian koi8 and most windows-125X charsets except windows-1252. I could get rid of another 14.7% by blocking this also, but that would piss of 1.5% of my legitimate contacts.

The blocking can be accomplished by simply putting some rule into .procmailrc:

:0:
* ^Content-Type.*windows-1250.*
spam


Or by giving it a score in spamassassin

//begin
header __ILLEGAL_CHARSET_1 Content-Type =~ windows-1250/i
meta ILLEGAL_CHARSETS (__ILLEGAL_CHARSET_1 + __ILLEGAL_CHARSET_2>= 1)
score ILLEGAL_CHARSETS 3
describe ILLEGAL_CHARSETS foreign obsolete charsets


Or by refusing it completely during transmission in postfix’ /etc/postfix/headercheck.pcre

/^Content-Type:.*\bcharset="?(?:
windows-1250 |
windows-1251 |
windows-1253 |
windows-1254 |
windows-1255 |
windows-1256 |
windows-1257 |
windows-1258 |
windows-874)\b/ REJECT Illegal Charset


/etc/postfix/headercheck.pcre can also be used to block very selectively; if for instance an “unsubscribe” does not get honoured (it’s of course useless against normal spammers since they constantly change addresses):

/^From: .*test@example.com/ REJECT I said NO, you spamming moron


And if you want to test a rule, save an email as “testcase” or something and check if it matches:

postmap -q - pcre:/etc/postfix/headercheck.pcre < testcase

Ein Film der die Geschichte um die Entstehung des gleichnamigen Gemäldes von Vermeer erzählt. Spielt 1665. Und scheinbar ist meine These dass alles was vor 1600 spielt von Hollywood konsequent in einen Fantasy-Sumpf verwandelt wird, und man sich nur bei Filmen die nach 1600 spielen mühe gibt historisch irgendwas zu recherchieren. Denn dieser Film ist punkto Sachkultur und Gedankenwelt ein Hammer. Absolut wahnsinnig auf was man alles geachtet hat, fast jedes Detail stimmt (Laut Hitomi ist einzig ein Kleidschnitt falsch, und die Gabeln haben zuviel Zinken).

Nicht nur haben die alles richtig gemacht, nein, Sie geben noch einen drauf mit so kleinen Situationen wie dem Kegelspiel der Dienerschaft, oder einem Schwein welches durchs Haus getrieben wird, die wenig mit der Handlung zu tun haben, aber den Haushalt ungemein glaubwürdiger und die Zeit viel lebendiger werden lassen.

Dazu kommt eine glaubwürdige Handlung und gute Schauspieler.

Fazit: Ein rundum gelungener Film, einfach wunderbar. Genau so muss ein Historienfilm sein.

Spielt 1200 BC und behauptet von sich “historisch” zu sein, was man vermutlich daran merkt dass die Götter nicht in Person auftreten. Ansonsten herrscht ein bunter Salat an Fantasy-Rüstungen und Helmen die eventuell ebenfalls Fantasy sind, und wenn nicht, dann 700 Jahre daneben. Überhaupt haben wieder alle zuviel Rüstungen und Helme für diese Zeit. Dito die Kleidung und der Schmuck, da ist nix griechisches dran, das ist Fantasy. Die Schiffe sind ebenfalls 500 BC und 700 Jahre daneben. Das einzig “historische” sind offenbar die griechischen sanduhrförmigen Schilde und eventuell die Speere dazu.