I spent some time researching ways of enabling postfix to verify that a user had sufficient space available before delivering the message to Cyrus - unfortunately I came up empty.

So, I knocked up a little script in perl called chkquota that acts as a postfix policy daemon. It looks at the recipient address and uses IMAP::Admin by Eric Estabrooks to query Cyrus for the users’ current quota and only allow the message to be delivered if there is enough space for the message to be delivered. If there is not enough space it instructs postfix to defer the message, since the sender is still connected while this is happening there is no chance for backscatter to be sent to innocent third parties.

chkquota has several issues though:

• It is single threaded - it works fine on my low (couple thousand messages a day) mail load, it probably will not scale up very well, as usual YMMV
• It creates a new connection to the IMAP server for each message - this is grossly inefficient, but I failed to find a way of sharing connections that worked reliably. This may be fixed in future.
• It works for Cyrus and postfix - IMAP::Admin supports several other IMAP daemons but they may not have been tested much, again YMMV. I may turn it into a milter in future (both sendmail and postfix support the milter protocol)..

It also has several dependencies:

• perl
• postfix
• an IMAP daemon supported by IMAP::Admin
• POE
• Sys::Syslog

компютри

• Net::Server
• YAML (to parse the config file)
• Getopt::Long
• Pod::Parser

Having said all that, you can download chkquota 0.004 here. I’d appreciate any feedback.

1
2
3
4
5
6
7

var list = { 
 
    foo: "bar", 
 
    bar: "foo", 
 
};

Removing the comma from ‘bar’, the last element in the list, makes IE happy. Naturally, this does not occur in either Firefox or Opera.

I discovered another issue while using prototype’s Ajax.PeriodicalUpdater. I was passing PeriodicalUpdater an element id to update, unfortunately I’d given the element id the same name as a class. However, if you try and update an element by its id and the id is the same as a class name, it will not work in IE. Example:

<p class="test">foo</p>
<p id="test">bar</p>

This works fine in Firefox, Safari and Opera - just not IE. When I tried doing this, IE removed the content within the test class and didn’t replace the content within the test id. The solution is to ensure that your CSS id’s do not clash with class names, which is probably good practice anyway.

So I watched Final Fantasy VII Advent Children last night, it was disappointing - the script was pretty much non-existant, the return of Sephiroth was entirely predictable (apart from the manner of his return, however they gave that away way too early). The subtitles were off from the script, sometimes noticeably and the voice of Red was …awful, not to mention the fact that they make him look like some kind of unkept, rag-tag hairball, completely unlike Red XIII in the original game.

Oh and did I mention how annoying it was when Sephiroth comes back from the “dead”, yet again?

Despite all that, despite the cliches and all of the cringeworthy religeous connotations (and it’s really flooded with them - Cloud may as well have dressed up as a priest in the final scene), despite the extremely irritating way they cut from scene to scene every five seconds at the beginning, it’s not as bad as it could have been. The fight scenes are okay, the story is nonexistant, the CGI is pretty good. Then you get to the name, they could have released three seconds of footage shot in the Producer’s garden, put Final Fantasy on the front of it and it would have sold. It’s the Final Fantasy effect.

If they’d put more effort into the script, they would have produced a good movie. All the fanfics ever based on Final Fantasy VII are better than the script of this movie, if you could call it a script.. When are they going to learn that it takes more than flashy CGI and a name to make a good movie?

There’s some nice info on hacking the Nabaztag at MakeZine.

I’d buy one if it supported WPA, right now it only supports WEP. This looks set to change in the next version though (although the official site says that existing versions will not be upgradeable, which is unfortunate).

The WHOIS database exists to ensure accountability, without it there is zero accountability. There should be stricter requirements on the accuracy of WHOIS information and a wholesale ban on services like Domains By Proxy. Not because privacy is a bad thing, because we need more accoutability on the Internet today, not less.

Without the WHOIS database, where do you to find out who is accountable for a site that has been used in spam? Where do law enforcement go to find out who is accountable for a site hosting child pornography?

If law enforcement want the information they can subpoena it!
They can, however right now they don’t need to do this. The WHOIS database is publicly available. The founder of GoDaddy recently said (since disappeared, Google still has it cached though):

The information in (or associated with) the WHOIS database is important to law enforcement, intellectual property and other attorneys, who use this data to locate domain name owners for the purpose of enforcing laws or addressing grievances. In certain cases, however, the information in the WHOIS database is not accurate. This is where the problem caused by anonymity rears its ugly head.

He’s right and he’s also wrong. The WHOIS database is not just important to law enforcement, IP and other attorneys, it’s also important for Joe Bloggs who wants to find out who owns the site linked to in the last 50 viagra spam messages he received.

Making the public WHOIS database 100% accurate has proven elusive.
Various government agencies, intellectual property organizations, attorneys, and others have long wrestled with how to improve the accuracy of information in the WHOIS database. To date, they have not been able to find a way to guarantee or even improve the accuracy of this information.

Improving the accuracy of the WHOIS database will always be elusive while registrars continue to evade their responsibilities. Despite that though, supplying false information for a domain is already grounds for deletion of a domain, as it should be (although, once again, ICANN is loathe to enforce this).

It is now illegal to provide false information when registering a domain name.
Last year, there was a brief attempt to make registrars responsible for the accuracy of the Whois database. Fortunately, that legislation failed. [..]

Just as registrars won the fight to force them to take responsibility for the domains registered through them, they’ve now won the fight to essentially abolish the WHOIS database, all in the name of increasing profit.
If you want true privacy, live in a cave, please don’t register a domain name.

I used to be in the pro-SPF camp, I thought it was a good idea - not because it would combat spam (it was never designed with ‘combatting spam’ in mind). I thought it was a good idea because it was attempting to combat forgeries and joe-jobs. When I first started publishing SPF records I admit to a certain blind naivety that a solution to the forwarding problem would magically appear at some point in the near future. The truth is, it hasn’t, we don’t have the magic pill.

Recently, I’ve started having to forward some mail, while I don’t particularly like forwarding mail, I can’t dictate what my users choose to do. So now I have a problem waiting to happen - one day some forwarded mail will be rejected by the recipients MTA because the sender has published SPF.

Last year I attempted to patch Postfix, my MTA of choice, with SRS support using the patch at libsrs2.org only to find that it was horribly broken. I revisited to find that the site hasn’t changed in a year, now that’s slow progress.

SRS will never be widely implemented until there are working patches.

Not to be defeated, I resorted to setting up an instance of Exim, which apparently does have SRS support. I spent a few hours recompiling it and trying to configure it to rewrite addresses, then I sat back and wondered why I was going to all the trouble.

SPF relies on all forwarders implementing SRS - this is never going to happen.

There are other alternatives to SRS, however they still suffer from the same problem - lack of patches for popular MTAs.

The alternative solution is to stop doing pre-delivery forwarding and reinject the message from the forwarder. Take a message from foo@example.com to forwarder@bar.com:

• foo@example.com -> forwarder@bar.com -> bar@foo.com

The message gets sent delivered to forwarder@bar.com, then reinjected as a new message originating from forwarder@bar.com to bar@foo.com.

However, implementing this is a lot of work. Is it worth it? I don’t think so.