Earning Trust for Your Email Server

I host my own email server; this in itself is a very odd thing to do in this day and age.  If you want email to come from your domain, Google offers this for free and provides the same interface as Gmail. If you insist on running your own mail server, then setting it up to use your ISP as a smarthost is the easy way to go (very easy with Ubuntu). Of course, I didn’t take that path.

As an aside, setting up a mail server that uses fetchmail to gather email from the various accounts you have, and using a smarthost configuration to send email does give you most of the benefits of running your own mail server with very few headaches.  The reason to do this might be that you don’t want to trust Google (or someone else) to hold all your email, and/or you don’t want the individual PCs in your house to be the storage for your email (hard to migrate to a new machine, recover from disaster).  This is how I started down the path of running my own true email server. [I keep thinking that someone should create an easy to install NAS add-on that provides exactly this type of email server]

Ok, maybe you don’t want to run your own email server but you’re interested in knowing what is involved… Having a static IP address is handy, mostly to save you from DNS issues.  While you can manage to have a domain name tied to a dynamic IP, many blacklists include the IP ranges used by ISPs for dynamic addresses.  Of course you need a domain name, and a DNS server too.  You might also want to consider a secondary MX record, in case your connection goes down.  You’ll also want to check that your ISP isn’t blocking port 25 outgoing, and having a valid reverse DNS is important too.

So you’ve followed the Ubuntu documentation and set up a mail server, great.  Assuming your IP address is “clean” (i.e. not on a blacklist), then you can probably send email just fine.  Until you start hitting problems where spam filters have taken a dislike to your system – in my case it was Rogers (email provided by Yahoo) that was treating my outgoing email as spam.  One solution is to have the recipient add your email address to their address book so they do still get to see your email.  It may still get tagged as [Bulk] but it won’t get lost.  This isn’t a great solution for someone new you want to contact, or a friend who isn’t terribly technical.

It turns out there are some additional measures you can take on the email server side to add more trust.  There are three I’ve implemented: SPF, DKIM, and DomainKeys.

All of them rely on the same basic ‘trick’ of adding a TXT record to your DNS information that serves to validate the email.  This works for the simple reason that spammers tend to use botnets made up of machines without valid DNS records.  SPF simply is a declaration that the IP address sending the email is allowed to send email for the specified domain.  DKIM is an updated version of DomainKeys, but both can be used concurrently and some systems only know one.  Both DKIM and DomainKeys have the email server sign the email with a secret (private) key, and the DNS record has a public key that will validate the signature.
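The SPF declaration described above can be checked by hand. This is an added example, not code from the original post: it evaluates only the ip4, ip6 and all mechanisms of a record, reports "needs-dns" when it reaches a mechanism that requires further lookups, and the records and addresses in the usage comment are constructed documentation values.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a bare mechanism means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF TXT record, left to right.

    Mechanisms that need more DNS lookups (a, mx, include, exists, ptr) and
    the redirect= modifier are not resolved; they yield "needs-dns".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # TXT record is not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    redirect = False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if "=" in mech:                     # modifier, e.g. redirect= or exp=
            redirect = redirect or mech.startswith("redirect=")
            continue
        if mech == "all":                   # matches every sender
            return QUALIFIERS[qualifier]
        name, _, arg = mech.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "needs-dns"              # cannot decide offline
    # Nothing matched: a redirect would have to be followed, else neutral.
    return "needs-dns" if redirect else "neutral"


# Constructed usage: the server at 203.0.113.25 is the only permitted sender.
# check_spf("v=spf1 ip4:203.0.113.25 -all", "203.0.113.25")
```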

After implementing all three, it turns out Yahoo was still tagging my email as spam.  Very frustrating.  One solution I did consider was to avoid the problem entirely and selectively smarthost email going to rogers.com (and yahoo.com, etc).  In the end, it turns out that Yahoo maintains their own blacklist of sorts and you can request to be removed.  To check this, you need access to a Yahoo email account that you can send test messages to.  By examining the header you will see X-YahooFilteredBulk if your IP is on their blacklist; this appears to be independent of the status of your SPF/DKIM/DomainKeys authentication, which should show as a pass.  The solution is to fill in the Yahoo form, and be persistent.  Much of the form will not apply but you do need to fill it in with something reasonable (and valid).  After a couple of exchanges over several days I was rewarded with this reply:

While we cannot fully exempt your mail server from our SpamGuard
technology, we have however, made appropriate changes to this IP address
in our database. This should help with delivering mail to the
appropriate Yahoo! folders.

Now email sent to yahoo.com is not tagged as spam or [Bulk] – I did a little victory dance once this happened.
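The header check described above, as an added example that is not part of the original post: it separates "authentication is failing" from "authentication passes but the IP is filtered", which is the case that calls for the removal request. The sample message is constructed, and the layout of the Authentication-Results and Received-SPF headers is an assumption; only the header name X-YahooFilteredBulk comes from the post.

```python
import re
from email import message_from_string

# Constructed test message as it might look in the receiving mailbox.
SAMPLE = """\
X-YahooFilteredBulk: 203.0.113.25
Received-SPF: pass (domain of example.org designates 203.0.113.25 as permitted sender)
Authentication-Results: mta.mail.example; domainkeys=pass (ok); dkim=pass (ok)
From: me@example.org
To: friend@example.com
Subject: delivery test

hello
"""

# method=result pairs as they appear in Authentication-Results.
METHOD_RESULT = re.compile(r"\b(spf|dkim|domainkeys)=(\w+)", re.I)


def triage(raw):
    """Summarise sender authentication and bulk filtering for one message."""
    msg = message_from_string(raw)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in METHOD_RESULT.findall(value):
            auth[method.lower()] = result.lower()
    # SPF is often reported in its own header; its first word is the result.
    received_spf = msg.get("Received-SPF")
    if received_spf and "spf" not in auth:
        auth["spf"] = received_spf.split()[0].lower()
    filtered = msg.get("X-YahooFilteredBulk") is not None
    if not auth or any(result != "pass" for result in auth.values()):
        verdict = "fix-authentication"   # DNS records or signing need work
    elif filtered:
        verdict = "ip-filtered"          # everything passes, IP still flagged
    else:
        verdict = "ok"
    return {"auth": auth, "filtered_bulk": filtered, "verdict": verdict}
```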

The remainder of this post goes into some of the details of getting the three (SPF, DKIM, DomainKeys) implemented.


Nokia 5310 Review

Well way back in March of this year I got myself a new cell phone, the Nokia 5310.  Now that I’ve had it for a good part of the year, it is overdue for a review posting. Many of my friends have iPhones, BlackBerries, or Android (HTC) phones – giving me some serious gadget lust.  I’ve read other reviews of the 5310 which put it in the smartphone category, and while it is a good phone and has reasonable performance and functionality – it isn’t in the same league as an iPhone.

Let’s start with what I like a lot about the Nokia 5310: Battery life – I charge my phone once a week, Sunday night. Granted I’m not a heavy user of the phone: I’ll log 15mins of calls during a given week, a few text messages, and this week I listened to MP3’s on it for an hour – all on one charge.  My number two feature is the form factor, this phone is small.  Many do not like the candybar style – but for me, I find it works.  Up third is voice / call quality.  My experience with Nokia phones is that they deliver great voice quality, and the 5310 has not let me down.

Ok, on to a few negatives.  The camera is pretty poor, it feels slow and needs bright well lit scenes to take pictures that don’t totally stink.  The display while nice and readable, even in full sun – seems to have two small dust leaks in the bottom corners.  The result of the dust leak is visible in the photos of the phone, it doesn’t impair day to day use but it is sort of annoying.  That’s it for the negatives really, I might complain a little about the buttons not being very positive feeling but I’ve gotten used to them.

The pictures above show my iPod Touch and the Nokia 5310, it really puts into perspective how small this phone is.

Other features that I’ve found useful: Bluetooth support, both headsets and data connectivity over bluetooth.  This allows me to synchronize the address book with my computer and move pictures, music, or MIDP (java) to and from the phone.  There is also a USB cable interface (good for firmware updates).  It has a standard 3.5mm headphone jack, and it does support MP3 playback (the quality of the music playback was very good).  There is a speaker on the back, and it is quite loud (great for speaker phone calls).  It has a micro SD slot, and I’ve got a 1Gb card in there but it will support up to 16Gb.  The screen resolution is 320×240 and as I mentioned above, it is quite readable in even full daylight.

In summary – it’s a great little phone.  The battery life is awesome and lets me taunt my iPhone friends.  I don’t think any of the carriers are offering these anymore, but you can find them used for $120-$175 quite easily (in fact, I purchased mine used).

Now you might have noticed the Apple logo on the screen in the first picture, there is a story behind that.  This specific Nokia 5310 is unlocked, and unbranded (some say debranded).  Read on for the gory details..


Wake On Lan

The ability to wake a machine up over the network is really nice.  This feature is referred to as wake on lan (WOL).  Most modern hardware supports this, and many operating systems have it nicely integrated (Mac OSX for one) – under Linux it required a bit more magic.  This post is specific to Ubuntu 9.10, however it probably applies to other versions and variants.

Primarily I was looking to wake up from suspended state as I tend to let my machine sleep when I’m not using it, however WOL works with both hibernate and full shutdown. If you are having trouble, it’s a good idea to validate that your BIOS settings are correct – as support for WOL can be enabled/disabled in the BIOS.

Unfortunately since everyone has different hardware, the details of the solution will be different.  I learned a lot of this from a thread in the ubuntu forums.  Here is my specific solution, read on past the break if you want to understand how I arrived at this solution.

I created a file /etc/init.d/wakeonlan with the following contents

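#! /bin/sh
### BEGIN INIT INFO
# Provides:          wakeonlan
# Required-Start:    $network
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Configures WOL
# Description:       Configures Wake-On-Lan
### END INIT INFO

# Have eth0 wake the machine on a magic packet ("g")
ethtool -s eth0 wol g
# Allow the network device to wake the system from a sleep state
echo enabled > /sys/class/net/eth0/device/power/wakeup
# SLOT and KBC (the keyboard) are device names listed in /proc/acpi/wakeup
# on this machine. Writing a name toggles that device's wake state, so these
# lines assume both start out disabled.
echo SLOT > /proc/acpi/wakeup
echo KBC > /proc/acpi/wakeup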

I ensured the permissions allow execute (chmod a+x wakeonlan), and added it to the startup sequence:

sudo update-rc.d -f wakeonlan defaults

Now on every reboot you’ll get WOL set up, and the keyboard will wake up the machine too.
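A way to verify what the script above leaves behind, as an added example that is not from the original post: writing a device name to /proc/acpi/wakeup toggles its state rather than setting it, so this reads the current state and reports only the devices that still need a write, and it checks whether ethtool reports the magic-packet mode. The sample text is constructed in the layout those two sources print; the rows and states are made up.

```python
import re

# Constructed sample of /proc/acpi/wakeup (device, S-state, status, node).
ACPI_WAKEUP = """\
Device\tS-state\t  Status   Sysfs node
SLOT\t  S4\t*disabled  pci:0000:00:1e.0
KBC\t  S3\t*enabled   pnp:00:09
USB0\t  S3\t*disabled  pci:0000:00:1d.0
"""

# Constructed excerpt of `ethtool eth0` output.
ETHTOOL_OUT = """\
Settings for eth0:
\tSupports Wake-on: pumbg
\tWake-on: d
\tLink detected: yes
"""


def acpi_states(text):
    """Map each ACPI device name to 'enabled' or 'disabled'."""
    states = {}
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) >= 3:
            # Newer kernels prefix the status with '*'; older ones do not.
            states[fields[0]] = fields[2].lstrip("*")
    return states


def needs_toggle(text, wanted=("SLOT", "KBC")):
    """Devices from `wanted` that are present and currently disabled."""
    states = acpi_states(text)
    return [dev for dev in wanted if states.get(dev) == "disabled"]


def wol_mode(ethtool_text):
    """Current Wake-on flags, e.g. 'g' (magic packet) or 'd' (disabled)."""
    match = re.search(r"^\s*Wake-on:\s*(\S+)", ethtool_text, re.M)
    return match.group(1) if match else None


def magic_packet_enabled(ethtool_text):
    mode = wol_mode(ethtool_text)
    return mode is not None and "g" in mode
```

On a real machine, pass the contents of /proc/acpi/wakeup and the output of `ethtool eth0` instead of the constructed strings.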
