October 2010

Monthly Archive

Greylisting explained

Posted by zdravko on 27 Oct 2010 | Tagged as: Tech

Well, I bet you know what a SPAM e-mail message is, so I am not going to explain it to you. Rather, I will show you how to fight SPAM. One of the most powerful tools against SPAM to choose from is greylisting. And it so happens that in the last day there was a SPAM storm attack against a server running this tool, which is a perfect example of how it works in real action. Take a look at the following picture:

Greylisting in Action

I will explain it step by step:

  1. Greylisting will “temporarily reject” any email from a sender it does not recognize (putting it in Pending queue – represented by the blue line).
  2. If the mail is legitimate the originating server will, after a delay, try again and, if sufficient time has elapsed, the email will be accepted (moving from Pending to Verified queue – represented by the green fill).
  3. If the mail is from a spam sender, sending to many thousands of email addresses, it will probably not be retried (timed-out entries are deleted from Pending queue).

In the example pictured above, which uses real statistics, almost 1000 servers tried to communicate with that particular server in a timeframe of just 4 hours, each of them probably trying to send hundreds of SPAM messages or more. Imagine how much SPAM was filtered out just by using a simple greylisting implementation. Good job, right?
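The three steps above can be replayed in a few lines of Python. This is an added example, not the code running on the server in the picture; it assumes senders are tracked as (client IP, envelope sender, recipient) triplets, and the delay, timeout, reply text and sample addresses are constructed values.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300          # seconds before a retry is accepted (assumed value)
PENDING_TTL = 4 * 3600   # seconds before an unretried Pending entry is deleted (assumed value)
TEMPFAIL = "451 4.7.1 Greylisted, try again later"   # illustrative reply text

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # triplet -> time first seen
    verified: set = field(default_factory=set)    # triplets that retried correctly

    def expire(self, now):
        """Step 3: delete Pending entries that were never retried in time."""
        stale = [k for k, t in self.pending.items() if now - t > PENDING_TTL]
        for k in stale:
            del self.pending[k]

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        self.expire(now)
        key = (client_ip, mail_from, rcpt_to)
        if key in self.verified:
            return "250 2.0.0 OK"
        first_seen = self.pending.get(key)
        if first_seen is None:                 # step 1: unknown sender, temporary reject
            self.pending[key] = now
            return TEMPFAIL
        if now - first_seen < MIN_DELAY:       # retried, but not enough time has elapsed
            return TEMPFAIL
        del self.pending[key]                  # step 2: move from Pending to Verified
        self.verified.add(key)
        return "250 2.0.0 OK"

def replay(attempts):
    """Feed (time, ip, sender, recipient) attempts; return codes and queue sizes."""
    gl = Greylist()
    codes = [gl.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]
    return codes, len(gl.pending), len(gl.verified)

# Constructed sample traffic (documentation addresses, not real data).
SAMPLE = [
    (0,     "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first attempt
    (10,    "198.51.100.7", "x1@spam.invalid",   "bob@example.net"),  # spammer, never retries
    (60,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry too soon
    (900,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry after the delay
    (1000,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # now verified
    (20000, "203.0.113.5",  "carol@example.com", "bob@example.net"),  # spammer entry has expired
]
```

Calling `replay(SAMPLE)` shows the spammer's entry leaving the Pending queue without ever being accepted, while the retrying server is delayed once and then passes.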

Edit: The issue was resolved in 24 hours, as is visible from the following picture:

Greylisting Resolved

1billion <> 1billion

Posted by zdravko on 06 Oct 2010 | Tagged as: Tech

A friend asked me why in one of my programs I am counting transferred bytes in KiB and MiB; why am I not using the easy-to-read Kb, MB, GB prefixes we are all familiar with? And the answer is… because it is just NOT right! A more detailed explanation after the jump:

http://lpar.ath0.com/2008/07/15/si-unit-prefixes-a-plea-for-sanity/

“Everyone knows that 1MB is 1024KB, unless you’re talking about DVDs, or reading manufacturer specs for a hard drive, and that’s just the hard drive manufacturers being stupid. Everyone knows that ‘K’ on a computer means 1024; except for speeds, where it means 1000, except for file download speeds where it means 1024, except when it’s the speed of your modem, when it’s 1000. Everyone knows that. What, are you stupid?”