automounter vs procmail //at 00:10 //by abe

At work we use .procmailrc files generated by CGIpaf to let non-technical users create forwards, out-of-office mails, etc. and any combination thereof. This also has the advantage that we can filter out double bounces and spam (which also prevents us from being listed in spammer blacklists).

Unfortunately autofs (seems independent if autofs4 or autofs5 is used) seems to be unreliable if there are bursts of mount or umount requests, resulting either in “File or directory not found” error message while trying to access the home directory of a user, or “Directory not empty” error messages if the automounter tries to remove the mount point after unmounting. In that case a not mounted directory owned by root is left over.

In the end both cases lead to procmail behaving as if that user does not have a .procmailrc – which looks like sporadically lost mails to those who forward all mails. (The mails then can be found in the local default INBOX for that user.)

Additionally there are similar issues when the NFS servers are not available.

The most effective countermeasure we found so far was adding tests to the global /etc/procmailrc to check if the user’s home directory exists and belongs to the correct user:

# -----------------
# Global procmailrc
# -----------------

# For debugging, turn off if everything works well
VERBOSE=1
LOGFILE=/var/log/procmail.log

# This only works with bourne shells, $SHELL defaults to the user's
# login shell. And by experience dash seems not work, so we use bash.
OLDSHELL=$SHELL
SHELL=/bin/bash

# temporary failure (see EX_TEMPFAIL in /usr/include/sysexits.h) if
# $LOGNAME is not set for some reason. (Just to be sure our paths
# later on are not senseless.
:0
* ? test -z "$LOGNAME"
{
    LOG="Expected variable LOGNAME not set. "
    EXITCODE=75
    :0
    /dev/null
}

# temporary failure (see EX_TEMPFAIL in /usr/include/sysexits.h) if
# $HOME is not readable. ~$LOGNAME does not seem to work, so this uses
# a hard wired /home/.
:0
* ? test ! -r /home/$LOGNAME
{
    LOG="Home of user $LOGNAME not readable: /home/$LOGNAME "
    EXITCODE=75
    :0
    /dev/null
}

# temporary failure (see EX_TEMPFAIL in /usr/include/sysexits.h) if
# $HOME has wrong owner. ~$LOGNAME does not seem to work, so this uses
# a hard wired /home/.
:0
* ? test ! -O /home/$LOGNAME
{
    LOG="Home of user $LOGNAME has wrong owner: /home/$LOGNAME "
    EXITCODE=75
    :0
    /dev/null
}

[…]

If you want to store a copy of these mails for debugging purposes on every delivery attempt, replace /dev/null with some Maildir or mbox only accessible for root.

One small but important part was to explicitly declare bash as shell for executing the tests, otherwise mails for users with tcsh or zsh as login shell filled up the mail queue and never get delivered (if the SHELL variable never gets fixed).

Only drawback so far: This leads to more lagging e-mail on e-mail bursts also for those users who have no .procmailrc – because procmail can’t check if there’s really no .procmailrc.

Extensive procmail documentation can be found online at the Procmail Documentation Project as well as in the man pages procmail(1), procmailrc(5) and procmailex(5).

Spam in SMTP not via SMTP //at 18:53 //by abe

While examining the mail queue after a big mail server migration, I found the following reason for a bounce (hostnames replaced according to RFC2606):

550-5.1.1 - 
550-5.1.1 -
550-5.1.1 TO LEARN WHY YOUR EMAIL WAS REJECTED PLEASE GO HERE: 
550-5.1.1 - 
550-5.1.1 http://www.example.com/answers/dWtsb3R0b3NAdWtsb3R0ZXJ5LmNvLnVrPgA=AAA=/
550-5.1.1 - 
550-5.1.1 Cheap, Reliable Webhosting
550-5.1.1 http://www.example.com/a/hostgator/
550-5.1.1 -
550-5.1.1 Round-Trip Flights under $200 from Priceline!
550-5.1.1 http://www.example.com/a/pricelinertf/
550-5.1.1 -
550-5.1.1 Free Skype-to-Skype calls on your mobile
550-5.1.1 http://www.example.com/a/skype/
550-5.1.1 -
550 5.1.1 -

What’s next? Advertisements in HTTP headers? Oh, I forgot, they already exist and are called “referrer spam”.

e-mail.is-not-s.ms //at 20:35 //by abe

When I first read http://two.sentenc.es/ in (if I remember correctly) madduck’s signature, I thought something like “This can’t be! Why are people castrating themself?”

Although I really understand that the inventor has good reasons for such a personal policy, I notice how much time I waste by trying to fit all the information I want to transmit in the 160 characters a short messages allows — or, even worse, into the 140 characters microblogging services like identi.ca or Twitter allow.

So I had to oppose something to this, but even to only reach the coolness level of the domain “sentenc.es” is hard, you probably can’t top it at all. For luck, I’m not alone and Venty had the right idea for a hostname which has at least some geeky niveau.

So here it is, our pleading for e-mails as long and detailed as necessary:

http://e-mail.is-not-s.ms/

A German version will be available soon at http://e-mail.ist-nicht-s.ms/.

Feel free to add either URL to your e-mail signature. :-)

Oh, and thanks to the Government of Montserrat which allows strangers to register .ms domains without any hassles. :-)

Update / FAQ

Seems to be necessary to make a few things clear…

1. No, I do not think that everyone using two.sentenc.es has neither style nor knows anything about grammar or punctuation. What I say is that the site two.sentenc.es itself with its comparision to short messages (and especially without reading the author’s blog post about the site’s background) indirectly suggests to drop grammar, punctuation and style by cramming all information into a limit number of characters as often done with short messages or microblogging. And the limitation in senctences leads to tapeworm sentences which I try to avoid since they’re considered bad style, too.
2. And yes, it’s consciously written and designed to be the opposite of two.sentenc.es — even the colors and the font — and therefore is of course very close to the original. See it as it parody or satire if the closeness makes you angry.
3. And no, I currently don’t care if the site makes less sense if you don’t know two.sentenc.es — people usually can follow hyperlinks on websites.
4. We weren’t the first ones who noticed that e-mail is not SMS. An example of the problem described above from 2001.