Chuck's Blog

Ok, just because I’m getting hit by quite a few Google searchs for this I’ve decided to just do a quick post on what this error message means:

554 service unavailable blocked using zen.spamhaus.org

Is just a fancy way of a server saying they have blocked you from sending email to them due to a listing in Spamhaus. Now, you should not be getting angry at the server owner for this, they only use the blacklist to reduce spam. You should instead check Spamhaus to see why your IP address is included in the blacklist.

One of the most common reasons for your IP being in this blacklist is because it is dynamic. Because most spam origionates from dynamic IP’s Spamhaus’s Zen blacklist has these included in it. The only real ways around this is to change your IP to a static one, route your mail through your ISP’s server, or route your mail through some other server with a static IP.

I just recently reinstalled Ubuntu on my labtop, an Inspiron 1521, and noticed quite quickly that multiple monitor support on ATI cards is much better than before. Though I advise against using the proprietary driver since you already get 3D acceleration with the open source one.

The only thing I see that is a big disadvantage is that GNOME doesnt like to let you set a seperate desktop background for the extra monitors, but this has been the same for all previous versions of GNOME I can remember. Its not a function impairing problem, but it is something I would like to see changed, and the Ubuntu leaders would could likely make this change considered alot more by the GNOME developers.

But anyway, good job Ubuntu team!

While just doing my regular news searches I found an interesting article on a topic know as “Silent spamming.” 

Basically the way this works is by utilizing features most of us include on our forums and websites, like member website links in a forum and referrer links in unprotected stats folders. The target of these spammers is not people exactly; it’s search engines like Google and Yahoo!

Why would they do this? Well, it allows them to increase their PR, (Page Rank) which in turn makes their website show up even more often in searches. This can also be a big problem from our end as sites that link to spam sites, notably porn ones, are penalized by said search engines.

Since the article is a forum post many people have replied with solutions for the various methods of Silent Spamming, so if you think your website is at risk there’s surely a way to fix it listed in there somewhere.

After noticing a sharp increase in spam attempts (thankfully spamassassin catchs them!) after setting up my MX server on multiple domains I began to search for a simple, effective, and cheap config for postfix to drop them at SMTP level. Now with Exim4 I could run spamassassin at SMTP level, but postfix isn’t really that interested in letting me do that easily. So I went to my ‘ole friend, RBL’s.

So, in order to try them out, add this to your postfix main.cf

default_rbl_reply = $rbl_code Service unavailable; $rbl_class
[$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
#RBL's
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client bl.spamcop.net,
   permit

This setup allows the networks specified in your main.cf file to relay, as well as SASL authenticated users. If the connected user is neither authenticated or in your mynetworks postfix will run through the basic checks, like is the mail actually addressed to this domain, is the sender from a fully qualified domain name, etc. until it reachs the RBL checks. If it passes these then it’s sent into the queue, else the mail gets denied with a message like this:

554 5.7.1 Service unavailable; Client host [*******] blocked using
zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=*********;
from=<***@theirdomain.com> to=<***@yourdomain.com>
proto=ESMTP helo=<theirdomain.com>