www.johnshepp.org



Anthem Challenge - My Bid

Give a listen to my HNIC anthem submission, entitled Nikki

read more..

Mea Culpa From Somewhere On The Hill

You know me, or you think you did. I was too busy glad-handing with my elite backers to read any of the bills that passed over my desk, no matter how much they limit your freedom to speak, protest or travel

read more..

Crack Book Tales

Like the Facebook? Well lately it's been the bane of Rod Bruno's existence, likely because he over-tickled his hundreds of friends, and brought the facebook's mail system to its knees, caused massive floods and bridges to collapse, forcing DHS to shut him down…

read more..

Spinal Chord - Variety Telethon 1991

Spinal Chord was a truly integrated band - keyboardist/vocalist Sam Sullivan and drummer Dave Symington are both C4-5 quadriplegics who perform with the aid of customized midi mapping software. What you hear is all live, not a sequence, and there are no backtracks…

read more..

Burnin' Tires

In 2005 I put together this animated video for the Craig Jacks song "Burnin' Tires". The secret? Lots of Chickens and violence. Now it's on YouTube.

read more..

Mail Server DOS Hell

It’s been a momentous couple of weeks. The nightmare began one sunny afternoon when I noticed a flurry of activity on both servers here. The drive access lights were on full, and there was the sound of drive noise like I’d never seen before. I decided to access the server via a web application, similar to cpanel, called webmin and see the system messages. The mail log took forever to come up, as it had ballooned to some 120 MB in size, but as soon as it came up I could see what all the noise was about. See below:

Oct 10 13:04:49 s216-232-70-103 postfix/smtpd[16819]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:04:58 s216-232-70-103 postfix/smtpd[16819]: 1F39F111D5C: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:04:58 s216-232-70-103 postfix/cleanup[16822]: 1F39F111D5C: message-id=<080076058050049054046050051050046055048046054056058049058049057057049057@216.232.70.68>
Oct 10 13:04:58 s216-232-70-103 postfix/qmgr[12454]: 1F39F111D5C: from=<tevisx@sakura-mail.every1.net>, size=608, nrcpt=1 (queue active)
Oct 10 13:04:58 s216-232-70-103 postfix/smtpd[16819]: disconnect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:05:09 s216-232-70-103 postfix/smtp[16823]: 1F39F111D5C: to=<comerce.br@uol.com.br>, relay=smtp.telus.net[204.209.205.51], delay=12, status=sent (250 Message received: 20051010200504.CZUC29931.priv-edmwes48.telusplanet.net@s216-232-70-103.bc.hsia.telus.net)
Oct 10 13:05:09 s216-232-70-103 postfix/qmgr[12454]: 1F39F111D5C: removed
Oct 10 13:08:27 s216-232-70-103 postfix/smtpd[16826]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:27 s216-232-70-103 postfix/smtpd[16824]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:37 s216-232-70-103 postfix/smtpd[16828]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:42 s216-232-70-103 postfix/smtpd[16827]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:48 s216-232-70-103 postfix/smtpd[16829]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:48 s216-232-70-103 postfix/smtpd[16826]: 90919111D5C: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:53 s216-232-70-103 postfix/smtpd[16831]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:54 s216-232-70-103 postfix/smtpd[16828]: 06E46111D71: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:54 s216-232-70-103 postfix/smtpd[16833]: connect from s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:54 s216-232-70-103 postfix/smtpd[16827]: BDE4C111D72: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:55 s216-232-70-103 postfix/cleanup[16834]: 06E46111D71: message-id=<AIBSMCAYEAGHDOJVQSMT@sakura-mail.every1.net>
Oct 10 13:08:55 s216-232-70-103 postfix/qmgr[12454]: 06E46111D71: from=<tevisx@sakura-mail.every1.net>, size=2214, nrcpt=17 (queue active)
Oct 10 13:08:55 s216-232-70-103 postfix/smtpd[16824]: 10736111D74: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:56 s216-232-70-103 postfix/cleanup[16834]: 10736111D74: message-id=<028e01c5cd47$e1a5aab0$b6a7bb72@PEDCITG>
Oct 10 13:08:56 s216-232-70-103 postfix/smtpd[16829]: 08A58111D75: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: 10736111D74: from=<ranijox@freemail.savei.net>, size=4124, nrcpt=9 (queue active)
Oct 10 13:08:56 s216-232-70-103 postfix/cleanup[16834]: 08A58111D75: message-id=<NYAHWDRIGMKDZBDNTDMO@usairforce.com>
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: 08A58111D75: from=<sewebenci@usairforce.com>, size=2124, nrcpt=7 (queue active)
Oct 10 13:08:56 s216-232-70-103 postfix/smtpd[16833]: 9024F111D79: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:56 s216-232-70-103 postfix/cleanup[16838]: BDE4C111D72: message-id=<EHMCLKFQOSOICHBZUYPG@collegefootballpoll.com>
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: BDE4C111D72: from=<ericksen@collegefootballpoll.com>, size=2261, nrcpt=7 (queue active)
Oct 10 13:08:56 s216-232-70-103 postfix/smtpd[16828]: AC317111D7A: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:56 s216-232-70-103 postfix/cleanup[16832]: 90919111D5C: message-id=<014f01c5cdd6$71343730$27bad4f3@BUMZQEJ>
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: 90919111D5C: from=<daselenae@comedycafe.com>, size=4206, nrcpt=7 (queue active)
Oct 10 13:08:56 s216-232-70-103 postfix/smtpd[16824]: CDA44111D7B: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:57 s216-232-70-103 postfix/cleanup[16838]: AC317111D7A: message-id=<YOBSBWWHAUXSPURPGVKQ@afghansite.net>

This was just the beginning, as eventually both servers would have a relay queue of over 20,000 messages, and the SMTP server at Telus would eventually start to deny this traffic. The address 216.232.70.68 is listed as a proxy server, and a known one for allowing outside relaying. The problem is that we are on the same subnet; otherwise, postfix would have immediately timed out and denied this host relay access. Since I use the SMTP server at Telus for its credible PTR (this avoids being listed by spamcop or sorbs for too short a refresh time), the server itself is hardened and begins to deny this kind of constant barrage. Most of the email addresses were unreachable, thereby getting deferred, which means the queue manager just waits a specific period before retrying. A hopeless bottleneck. I then shut the server down and began the long process of deletion of some 20 Thousand deferred, and numbered, text files.
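A way to spot this pattern from the mail log itself, as an added example (not code from the original post): it joins each smtpd `client=` record to the matching qmgr `from=` record by queue ID and totals messages, recipients and distinct envelope sender domains per client IP. The function names and the three-domain threshold are assumptions; the first eight sample lines are taken from the log above and the last two are constructed for contrast.

```python
import re
from collections import defaultdict

# First eight lines: from the log above. Last two (localhost): constructed.
SAMPLE_LOG = """\
Oct 10 13:08:54 s216-232-70-103 postfix/smtpd[16828]: 06E46111D71: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:54 s216-232-70-103 postfix/smtpd[16827]: BDE4C111D72: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:55 s216-232-70-103 postfix/qmgr[12454]: 06E46111D71: from=<tevisx@sakura-mail.every1.net>, size=2214, nrcpt=17 (queue active)
Oct 10 13:08:55 s216-232-70-103 postfix/smtpd[16824]: 10736111D74: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:56 s216-232-70-103 postfix/smtpd[16829]: 08A58111D75: client=s216-232-70-68.bc.hsia.telus.net[216.232.70.68]
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: 10736111D74: from=<ranijox@freemail.savei.net>, size=4124, nrcpt=9 (queue active)
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: 08A58111D75: from=<sewebenci@usairforce.com>, size=2124, nrcpt=7 (queue active)
Oct 10 13:08:56 s216-232-70-103 postfix/qmgr[12454]: BDE4C111D72: from=<ericksen@collegefootballpoll.com>, size=2261, nrcpt=7 (queue active)
Oct 10 13:09:01 s216-232-70-103 postfix/smtpd[16840]: 0A1B2C3D4E5: client=localhost[127.0.0.1]
Oct 10 13:09:01 s216-232-70-103 postfix/qmgr[12454]: 0A1B2C3D4E5: from=<user@example.org>, size=900, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def relay_stats(log_text):
    """Join smtpd 'client=' and qmgr 'from=' records on queue ID, per client IP."""
    client_of = {}  # queue ID -> IP of the client that submitted it
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "sender_domains": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m.group(1)] = m.group(2)
            continue
        m = QMGR_RE.search(line)
        if m:
            # pop: qmgr logs from= again on every retry of a deferred message,
            # so each queue ID is counted only the first time it goes active.
            ip = client_of.pop(m.group(1), None)
            if ip is not None:
                s = stats[ip]
                s["messages"] += 1
                s["recipients"] += int(m.group(3))
                s["sender_domains"].add(m.group(2).rpartition("@")[2].lower())
    return dict(stats)

def suspected_relays(stats, min_domains=3):
    """Client IPs submitting mail under many unrelated envelope sender domains."""
    return sorted(ip for ip, s in stats.items() if len(s["sender_domains"]) >= min_domains)
```

A single client on the trusted subnet sending under several unrelated sender domains with high recipient counts is the signature seen here. On the Postfix side, the trust that let it relay is governed by the `mynetworks` setting, which can be limited to the server's own addresses.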

Immediately thereafter, I get a warning from Telus saying that I am risking losing service due to my breaking their anti-spamming rules. Unfortunately for me, they only see my IP and not the proxy in their server logs. I, of course, had sent them a detailed email with snippings of both the email and mail log files to show another IP was to blame, but I sent it via my mail server, quite by accident, and it never got delivered in the mayhem of 20,000 messages. Here’s a sample of the messages being sent; it’s a deferred record, so it looks a little harsh:

C? 2062 1183 17 0T

1128977141Ssusanna@idxc.orgA,client_name=s216-232-70-68.bc.hsia.telus.netA
client_address=216.232.70.68A>message_origin=s216-232-70-68.bc.hsia.telus.net
[216.232.70.68]Ahelo_name=sitemail.everyone.netAprotocol_name=ESMTPOtex409@orionpolaris.comR
tex409@orionpolaris.comOtex259@orionpolaris.comRtex259@orionpolaris.comOtetranitrate7@
orionpolaris.comRtetranitrate7@orionpolaris.comOtexagogo@orionpolaris.comRtexagogo@orionpolaris.comO
thorin13@orionpolaris.comRthorin13@orionpolaris.comOthorly@orionpolaris.comRthorly@orionpolaris.comO
thorbald@orionpolaris.comRthorbald@orionpolaris.comOtommytang@orionpolaris.comRtommytang@orionpolaris.comO
tmdance@orionpolaris.comRtmdance@orionpolaris.comOtmkl23@orionpolaris.comRtmkl23@orionpolaris.comO
tndogs@orionpolaris.comRtndogs@orionpolaris.comOtownsend@oriontele.comRtownsend@oriontele.comO
thorten@oriontele.comRthorten@oriontele.comOthreeleggedlou@oriontele.comRthreeleggedlou@oriontele.comO
thornton@oriontele.comRthornton@oriontele.comOthorsvoice@oriontele.comRthorsvoice@oriontele.comO
threescore7@oriontele.comRthreescore7@oriontele.comM
Received: from sitemail.everyone.net
(s216-232-70-68.bc.hsia.telus.net [216.232.70.68])

NIby s216-232-70-103.bc.hsia.telus.net (Postfix) with ESMTP id 000011A538; N&Mon, 10 Oct 2005 13:45:41 -0700 (PDT)N Received: from 239.144.96.117N7 by 43.182.31.124.idxc.org (Postfix) with SMTP id 88355N X-Originating-IP: [64.161.50.85]N'X-Originating-Email: [susanna@idxc.org] NX-Sender: Labovitz@idxc.orgN#From: "Labovitz" <susanna@idxc.org>N# To: "Ted" <tex409@orionpolaris.com>N(Subject: Would you like to fear NOTHING? N%Date: Mon, 10 Oct 2005 16:45:42 -0500NMime-Version: 1.0N'Content-Type: text/html;; format=flowedN+Message-ID: <ONAICCQVORKCBBCVAEKB@idxc.org>N

The message then forwards to a site offering a quick snake-oil fix, and probably some sweet credit card fraud as well. Swell people, eh?
