being more flexible than FEATURE(compat_check)

A user at ServerFault asked how to restrict a user to sending mail only to local addresses. Normally in sendmail, user / sender filtering decisions are made using FEATURE(compat_check). While it does let you decide on specific pairs which are entries in /etc/mail/access, anything more flexible requires writing your own version of the check_compat rule set.

check_compat's workspace is a string that contains the addresses given in the MAIL FROM: and RCPT TO: commands of the SMTP dialog, separated by a $|. Whenever one works with addresses in sendmail, one has to canonify them, but since a rule set called within another rule set always takes a single argument (the workspace), we have to use macros to store the canonified addresses before proceeding to any pattern matching. So first we have to declare the macros in our sendmail.mc:

LOCAL_CONFIG
Kput macro
D{put1}empty1
D{put2}empty2

The above snippet declares a map (named put) and two macros that we will use to store the canonified addresses (named put1 and put2), initialized to some non-empty bogus value. Since the workspace for check_compat is in the form sender address $| recipient address, we canonify the recipient address first:

Scheck_compat
R$* $| $*               $: $1 $| $>canonify $2
R$* $| $*               $: $(put {put2} $@ $2 $) $1

Up to here the rule set puts the canonified mail address for the recipient in ${put2} and returns the sender address (the last $1 in the second line) for further processing. Therefore we are now ready to repeat the process and store the canonified sender address in ${put1}:

R$*             $: $>canonify $1
R$*             $: $(put {put1} $@ $1 $)

Macro operations return an empty string so now we have to retrieve the addresses from the macros and reconstruct a canonified workspace for any further processing:

R$*             $: $&{put1} $| $&{put2}

This results in the workspace now being in the canonified form of:

sender < @ sender . domain . > $| recipient < @ recipient . domain . >

regardless of the multitude of ways one can express an email address in. This is why we need canonification in the first place: There are many ways one can enter an address in MAIL FROM: and RCPT TO: and canonification returns an address in a single format that all the other rule sets can work with.

Now if someone wants to restrict where a user sends mail based on MAIL FROM: and the recipient domain, one can add the following lines in check_compat:

# Now we can filter on sender and recipient
Ruser < @ $=w . > $| $* < @ $=w . >      $#OK
Ruser < @ $=w . > $| $*                  $#discard $: $2

The above silently discards email not directed to the local domains (Class $=w). If you want to test your rule sets (sendmail -bt) you have to keep in mind that sendmail’s test mode interprets $| as two characters, so you have to use a “translate hack”:

LOCAL_RULESETS
STranslate
R$* $$| $*    $: $1 $| $2

Now you can check check_compat by typing:

# sendmail -bt
> Translate,check_compat sender@address $| recipient@address

and watch what happens. As always keep in mind that in sendmail.mc the left hand side of the rules is separated from the right hand side with tabs, not spaces. So do not copy-paste. Type the code instead. Next you need to compile your sendmail.cf and restart sendmail. In Debian as root run sendmailconfig to do this.

My eyes hurt! Can it be done another way?

Of course! You can install MIMEDefang together with sendmail and modify filter_recipient to your liking. Depending on your operating system / distribution, you have to check whether you need to enable filter_recipient or not. In Debian you have to edit /etc/default/mimedefang and restart the MIMEDefang daemon. After enabling it, you need to add your version of filter_recipient to /etc/mail/mimedefang-filter:

sub filter_recipient {
  my ($recipient, $sender, $ip, $hostname, $first, $helo, $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

  $sender =~ s/^\<//;
  $sender =~ s/\>$//;
  $sender = lc $sender;
  
  $recipient=~ s/^\<//;
  $recipient=~ s/\>$//;
  $recipient = lc $recipient;

  # Put your conditions here
  ...

  return('CONTINUE', "ok");
}

You need to reload mimedefang-filter after editing this, so as root run (in Debian) /etc/init.d/mimedefang reload and check your logfiles for any errors.
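
One way to fill in the "Put your conditions here" part so that it mirrors the check_compat policy above, as an added example that is not from the original post. The sender address, the local domain list and the normalize_address helper are constructed assumptions, and REJECT is used instead of a silent discard so that the sender sees the refusal:

```perl
use strict;
use warnings;

# Constructed sample policy (assumptions, not from the original post):
# senders restricted to local delivery, and the domains treated as local
# (the counterpart of sendmail's class $=w).
my %restricted_sender = map { $_ => 1 } ('user@example.com');
my %local_domain      = map { $_ => 1 } ('example.com', 'mail.example.com');

# Strip the SMTP angle brackets and lowercase, as the template above does.
sub normalize_address {
    my ($addr) = @_;
    $addr = '' unless defined $addr;
    $addr =~ s/^<//;
    $addr =~ s/>$//;
    return lc $addr;
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    $sender    = normalize_address($sender);
    $recipient = normalize_address($recipient);

    # Unrestricted senders (including the null sender <>) pass through.
    return ('CONTINUE', "ok") unless $restricted_sender{$sender};

    # Domain is everything after the last "@"; a bare local part has none
    # and is treated as local here.
    my ($domain) = $recipient =~ /\@([^\@]*)$/;
    $domain = '' unless defined $domain;
    $domain =~ s/\.$//;    # tolerate a trailing dot

    return ('CONTINUE', "ok") if $domain eq '' || $local_domain{$domain};
    return ('REJECT', "Sender is restricted to local recipients");
}

# Demo with constructed addresses; runs only when executed directly.
unless (caller) {
    for my $pair (['<User@Example.com>', '<bob@example.com>'],
                  ['<user@example.com>', '<alice@elsewhere.example>']) {
        my ($from, $to) = @$pair;
        my ($action, $msg) = filter_recipient($to, $from);
        print "$from -> $to: $action ($msg)\n";
    }
}
1;
```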

Pro Website Development and Operations

I read about “Pro Website Development and Operations” at Tom Limoncelli’s site, so I immediately marked it on my list of books to buy. A few days later Apress held a $10 ebook sale on every title they had, so I bought it. The good news first: The epub version of the book renders nicely on my BeBook Mini.

I have not written a book yet, but I know one when I read one. And this is not a book. It is a series of good long blog posts expanded to fill the size of a book (124 pages). It was not very well proofread, so it has many grammatical and syntactic errors and some others like “you might have several hundred servers in the subnet 10.10.20.0/24,”. You can have a couple hundred servers on a /24 but not three hundred so it is not some, sorry. A trivial mistake, but indicative of things that can annoy you in the book.

The word engineering and its derivatives are overused. There’s a reason that the intended audience of the book are DevOps and not engineers, or software engineers (even though there exist people who can carry all three hats). And that is that they are not. There is a great difference between engineering a solution and calling everyone on board an engineer. That is unless what you build has a direct impact on human lives (or loss of them) or is something that when failing can cause a national economy to go under or a disaster of a similar magnitude.

An interesting thing about the book is that it talks a lot about the significance of measurements in order to understand a site’s usage patterns. However there is not a single formula or methodology mentioned which the reader can use in order to measure things! It is more along the lines of “you need to measure stuff because it is important” but nothing about how to measure or how to lay out a plan for a measurement infrastructure. Because forecasting performance is a must in website development and operations, I was expecting something like “Forecasting Oracle Performance“. I was also expecting hints on how to size a new server. Of course I will size a new server carefully, but I bought your book not to read generalizations, but how you actually do it. Again no formula (if you want to see some interesting mathematics on the subject, see “Mathematical Server Sizing“). We need to model stuff, so where is how I build and test a model?

Another thing I take issue with is the special projects team that the author advocates. The author is right in advising rotating roles between members of the special projects team in order to diffuse knowledge among them, but I believe that he has managed to be a member of special project teams only. Otherwise he would have described the impact on the morale of the operators who are not members of the special team that builds exciting new projects. Projects that get the budget, get to use new technologies and hardware to experiment on, while the rest must work on (a restricted) budget to maintain a (legacy) system that already brings money on the table. So in fact you not only have to rotate people among roles in the special projects team, you have to rotate them in and out of the team too. This also brings the advantage of avoiding the build up of IT silos or other small dominions with a single point (the operator) of failure.

Is there anything good in this book? Taking good care of your people and their health is one. Making sure that they get proper sleep, even before launching, is important. Not only for the health of the workers, but for the health of the company (and its culture) too.

The other thing I really enjoyed in the book, was the interviews the author did with Tom Limoncelli and with Santiago Suarez Ordoñez of Selenium fame.

In its effort to be technology agnostic so as to stand the test of time, the book suffers from generalizations and is disconnected from practice. Wait for the second edition.

re: IEEE Annual Election – Important Message for Region 8 Members

From the IEEE Region 8 Director’s mail to members:

Less than 15% of the IEEE members with voting rights have voted so far – worldwide!

Region 8 (Europe, Africa, Middle East) has almost 60000 voting members. In recent past, even Presidents have been elected with fewer than 20000 votes, and some Directors with significantly less. Also, some officers have been elected with a very small vote difference. Therefore, your vote is very important!

Dear Director, do not ask me to vote. Find out why I am not voting, even though I am a member and eliminate the problem. Dear candidate, this is your challenge too: Increase the number of voters (and their level of engagement) during your stay in office. 

Athens Indymedia shut down

Indymedia has shut down. It took longer than I believed back in 2009:

I dare to risk a prediction: in the end, in less than a year athens.indymedia.org will be “moved” out of NTUA. And this will not be to the benefit of those who want it out.

Now it remains for us to watch what follows and the law of unintended consequences. Because I am certain that this particular political space will reorganize a medium for spreading the ideas and the information that concern it. It will simply be harder for the State to monitor it and to apply such methods of control. But really, that much groupthink?

The Police deny that they took the site down

One would expect that after so many years I would be more careful when reading the news and would apply the rule better:

Never attribute to malice what can be attributed to stupidity.

Suspicion easily turns into certainty and fact checking goes out the window. As if it were a story in the sports fan press. Let it be a lesson to me for next time. A rat causing such turmoil is an unintended consequence. We all fall for it at some point.

Update 2013/04/12: Less than a year passed and it is really down.

“Better if we had become Argentina”

Sebastián Leto, a Panathinaikos player, on the crisis in Argentina:

“I lived through the crisis, but as a child. The ones who felt the crisis on their own skin were my parents. A very painful period. My father went unpaid by his job for an entire year. Imagine what consequences that had for the life of the family, which was entirely dependent on his salary. Millions of my fellow citizens lived through similar situations. They did not have money to cover even the most basic human needs, food and clothing. The truth is that the crisis in Greece does not touch me directly. I do not perceive it day to day, perhaps because I avoid the city centre, where the problems pile up. I know what is happening, of course. But to be honest I am not living it.”

Excerpt from an interview in Kathimerini's “K” magazine, as republished here on 2011/12/27.

(In-Reply-To:)

Update: @kargig takes me to task for quoting Mr. Tsipras's phrase selectively. Let me quote it in full:

“If only we had become Argentina, as you had said, because they went through hardships but managed with dignity to stand on their own feet, but you are leading us to far worse situations; we will be vassals.”

Even worse, he attributes political motives to me. A pity. It is probably that I have a different definition of dignity from the one given by Greek Political Formations of every kind. Which, within their newspeak, simply behave, none excepted, like the Inner Party.

Update #2: The six peso diet.

The sysadmin oxymoron

/* This has been gathering dust for quite some time now */

“The cost of communication waste” made me think of the standard oxymoron in our line of business:

“We are forced to kill our children to make our point” says a fellow sysadmin. This is the case where, although the system administrator has recommended an update, upgrade, improvement etc. this is denied thus forcing the system to degrade slowly (or fast sometimes) no matter the effort put against decay by the administrator. Who will finally be forced to let the system die proving the point along the way. But this is no victory. System Administrators derive no joy by being right when disaster strikes; they want to have resources for their systems not to fail or at least abandon them properly.

As system administrators we build systems that are supposed to support certain operations for our employer. We build stuff, automate processes and generally walk a path, that the untrained eye thinks it leads to eliminating the necessity of our services. In essence we build our own obsolescence. When things do not work, users (sometimes rightly) believe that we do lousy work. On the other hand when we sit idle in our offices, we are not needed and may sometimes even be considered a burden, a cost center. Why would one pay a system administrator, if he seems idle all the time? The contradiction is clear: When the systems do not work, it is because we do a lousy job. When the systems work, our services are supposedly not needed.

Fat behaviors rule the IT workplace (IT Gestapo, toxic meetings, pointless report generation) and BOFHs are equally guilty of this. This is the balance we have to keep up with daily, but when running systems with a lot of responsibility but without authority, we have to find ways to make management not only listen, but also act. Because management takes a bet: Things won’t break while they are in office. Since we have to either leave or live with that, we either take the same bet or we make damn sure that our technical points are permanently recorded.

Lean vs Fat behaviours and the Public Sector

“Lean behaviors” is a fantastic paper written by Bob Emiliani. If I was to use a highlight marker, I could easily paint the whole paper.

“[an organization] must possess an ability to change how it thinks, which requires a culture characterized by trust, shared responsibility and openness to experimentation without fear of failure“.

“Lean behaviors are defined simply as behaviors that add or create value. It is the minimization of waste associated with arbitrary or contradictory thoughts that leads to defensive behavior; ineffective relationships, poor co-operation, and negative attitudes. […] [“fat” behaviors] include the display of irrational and confusing information that results in delays or work stoppages, or the articulation of unsubstantiable subjective thoughts and opinions. Fat behaviors are recognizable as lots of talk where nothing has actually been said, or indirect words whose meanings are subject to variable interpretations”.

What an accurate description of the Public Sector!

[The cost of communication waste]

The Curious Incident of the Dog in the Night-Time

At my good friend’s S.B. suggestion I read “The Curious Incident of the Dog in the Night-Time“. Although I am biased, this is easily one of the best books I have ever read. The main character of the book is a teenager on the autistic spectrum, who upon discovering a neighbor’s dead dog, makes it his mission to find out who killed the dog. This proves to be an adventure far more complicated than he expected and the hero is forced to deal with situations he is not accustomed to.

On the surface people may find this book entertaining, reading the narrative from the point of view of the hero and how he reacts to different stimuli (and how and why his reactions are different than what “normal” people would do). But this is not a teenage autistic version of Sheldon Cooper. This is not fun. This is not cool even though Christopher (the hero) can understand the Monty Hall problem or Conway’s Soldiers better and faster than you. This is the life of a high functioning autistic and it takes its toll on him and his supporting environment. And it shows how totally unprepared (and prejudiced) “normal” people are when needed to deal with people with slightly different wiring in the brain. It is also a story of trust, how easily it can be broken and how hard it is to build it up again.

You will enjoy the chapter numbering though.

If you have friends (or extended family) living in the problem, read the book. It will help you understand their situation. The book has been translated in Greek as “Ποιος σκότωσε το σκύλο τα μεσάνυχτα;” and it will take you a couple of days to read it. I read the English ePub version. For a shorter version in understanding what goes on in an autistic mind you may read “Ο Αυτός“.