Weblog entry #81 for simonw
See all weblog entries made by simonw.
#81
base64 encoding and decoding
Posted by simonw on Wed 23 Aug 2006 at 08:52
I always find the machine I'm on never has my regular tools, perhaps I don't work from home often enough. But apparently openssl can do this, so no more scp, or Perl scripts for me.
Link explains how to do this various bits with openssl;
http://www.vanemery.com/Linux/Apache/openSSL.html
$ openssl enc -base64 -in myfile -out myfile.b64
$ openssl enc -d -base64 -in myfile.b64 -out myfile.decrypt
Turns out what I thought might be a virus, was just spam in a ".doc". In fact they were all backscatter of spam, as the spambot itself doesn't retry, and so never gets passed the greylisting we operate, but alas the backscatter does.
Shame of those who continue to accept, then bounce, email they KNOW they can't deliver.
Link explains how to do this various bits with openssl;
http://www.vanemery.com/Linux/Apache/openSSL.html
$ openssl enc -base64 -in myfile -out myfile.b64
$ openssl enc -d -base64 -in myfile.b64 -out myfile.decrypt
Turns out what I thought might be a virus, was just spam in a ".doc". In fact they were all backscatter of spam, as the spambot itself doesn't retry, and so never gets passed the greylisting we operate, but alas the backscatter does.
Shame of those who continue to accept, then bounce, email they KNOW they can't deliver.
Comments on this Entry
I implemented greylisting on a box of mine. To this day, I've had 0 spam messages to the specific machine. I am not implementing SpamAssassin or whatnot...not until it gets ugly I suppose. Qmail + greylisting is nice though.
In regards to the spam scatter/bouncebacks.. On another network I maintain, if a message is marked as spam, and the user does not exist, it is thrown away. I do not like wasting bandwidth on retransmitting the messages. Here's from my .qmail in the non-active user directory:
|grep "^X-Spam-Status: Yes" &>/dev/null && exit 99; exit 0
|bouncesaying "This account no longer exists."
In regards to the spam scatter/bouncebacks.. On another network I maintain, if a message is marked as spam, and the user does not exist, it is thrown away. I do not like wasting bandwidth on retransmitting the messages. Here's from my .qmail in the non-active user directory:
|grep "^X-Spam-Status: Yes" &>/dev/null && exit 99; exit 0
|bouncesaying "This account no longer exists."
[ Parent | Reply to this comment ]
The MTA should never accept email to non-existent accounts in the first place. It is plain stupid (even if it is the qmail default) to waste the disk writes, queue space, and innocent bystanders resources, for the sake of one read mostly lookup.
There is a lot of advice on how to get qmail to stop doing this around, try;
http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html#delay edbounce
Or use an MTA that provides basic functionality, like this, without patching ;)
Deleting email is bad karma, if the spam classifier is wrong, someone just lost their DSN, so whilst I'm grateful for the attempt to improve things I think you've gone the wrong way about sorting it.
There is a lot of advice on how to get qmail to stop doing this around, try;
http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html#delay edbounce
Or use an MTA that provides basic functionality, like this, without patching ;)
Deleting email is bad karma, if the spam classifier is wrong, someone just lost their DSN, so whilst I'm grateful for the attempt to improve things I think you've gone the wrong way about sorting it.
[ Parent | Reply to this comment ]
So in general, a spammer that sends 40K emails to my server addressed via a dictionary-like method, should receive a bounce-back message stating that XXX doesn't exist, giving them a list of somewhat valid users to share with the rest of the spamming world?
I'd like to not go about it that way, and have chosen to NOT implement patches such as `goodrcptto', `realrcptto', etc. When the message arrives, it is content-based filtered (yeah, a lot of people don't agree with this method either), and either a) trashed if spam or b) sent back stating the user does not exist. It is only trashed if the message is deemed spam AND if the user is non-existant.
This system works well with my setup, and has demonstrated to me that it is reliable in many different aspects. It may not be the most _efficient_ way of dealing with the troubles that email presents, but it is effective.
I'd like to not go about it that way, and have chosen to NOT implement patches such as `goodrcptto', `realrcptto', etc. When the message arrives, it is content-based filtered (yeah, a lot of people don't agree with this method either), and either a) trashed if spam or b) sent back stating the user does not exist. It is only trashed if the message is deemed spam AND if the user is non-existant.
This system works well with my setup, and has demonstrated to me that it is reliable in many different aspects. It may not be the most _efficient_ way of dealing with the troubles that email presents, but it is effective.
[ Parent | Reply to this comment ]