Blocking a netblock because why not

There is an ip address or block whch when i grep-ed**  and wc -l* counted 11000 lines of fail.  Email might be hard but that level of failure deserves a more detailed examination.

Eventually i whois lookup the thing – find it is in Romania and see this.

remarks: *** Abuse Reports to :
remarks: *** This IP block is used for web hosting, ***
remarks: *** dedicated and co-located servers. In ***
remarks: *** case of spam, please only deal with ***
remarks: *** originator IP only. ***
remarks: ************************************************

Not knowing whether i would be playing whack a mole with a secondary mx or more i decided to mallet the whole block (my block) after all 11000 things say where shit at this.

I enjoy funny whois messages this one from iran (my blog) is fun and i guess our new chums at will not be able to help there client until our servers gets a reboot whenever that is.

I did not contact them as clearly its more fun if we dont.

So if your a client of them you know why things dont work.

*nothing to do with a toilet -joke ** not a hollywood rape method

dkim gets an protocol update, but might be an chicken and egg problem in the making

are you shrek ?

Since i appear to be one of two people and half of a labrador dog who blog about opendkim (my blog) and dkim (my blog) here and have had signing of mail for way too long* i was surprised to read that dkim is getting a freshen up.

I have no problem with that but i wonder what will happen in the real world.  After all dkim does sound voodoo to most people and not on the radar of err stuff.


That is where the possible problems start – not with the better hashes but with companies like microsoft [microcrap] not supporting stuff there lies issues .  I am willing to experiment using the zoos mail servers since i can get some kind of software but it is not going to happen soon.

I will bet that google will support it provided there diversity hires (my blog) have heard of dkim, and know what a computer is as well. I guess there will be some interesting dmarc reports coming to the zoo’s dmarc inbox when i start.

Anyhow it kind of sounds fun to me and despite i occasional whiny rant i like what dkim is supposed to do most of the time and its not going to get dumped.  Not that i regularly say a lot about it.

*./compile, make, make install

I want my hour back

So i was trying to create some imap servers and got to the stage where the cyrus imap database was needed normally once  via /sbin/cyrus-makedirs and if your not paying attention now by /usr/lib/cyrus/bin/makedirs which should work but now has a huge problem.

The only trouble was it is hardcoded -see

#!/bin/sh -e
# cyrus-makedirs - Parses a Cyrus imap.d configuration file, and creates
# the correct directory trees for all partitions
# Copyright 2001,2002 by Henrique de Moraes Holschuh <
# Released under the terms of the GNU General Public License (GPL) version 2

# See lib/util.c, dir_hash_c for Cyrus’ directory hashing
# for the new hash style
# for the old hash style
HASHDIRS=”a b c d e f g h i j k l m n o p q r s t u v w x y z”

# Sane locale, please
export LC_ALL

[ -r /etc/default/cyrus-imapd ] && . /etc/default/cyrus-imapd

getconf () {

Argh so when you run it even with the path to the config file it will not work for the /etc/imapd.conf is the only one used.  It works but only on that file.  Cool but if you have zoo1, zoo2, zoo0 and zoo4 cyrus imap files your not going to get a working store

Since i kind of expect this shit from cyrus imapd i fixed the file to my config file in /etc/cyrus/zoo34.tld.conf by creating a copy and editing the bloody script. and then running the bastard

So if your reading this and failing to connect to your new store because there are no db files and the thing that does it is not doing it then you know what to do, i hope i save you an hour or two.

This was easier ten years ago but cyrus imap can be tricky to upgrade (my blog) and being we have ten year plus imap stores just one of things to navigate.

I love being a mind reader.

retards with dmarc


Another retard who used Microshit (my blog)
Remote Server returned ‘554 4.3.2 mailbox busy; STOREDRV.Deliver.Exception:StoragePermanentException.MapiExceptionMaxObjsExceeded; Failed to process message due to a permanent exception with message Cannot complete delivery-time processing. 16.55847:B1020000, 17.43559:0000000090000000000000000000000000000000, 20.52176:140FE5810F0010106C020000, 20.50032:140FE5817F17101071020000, 0.35180:03000B37, 255.23226:76020000, 255.27962:0E000000, 255.31418:7B020000, 16.55847:8F010000, 17.43559:0000000090020000000000000F00000000000000, 20.52176:140FE5810F0010105B050000, 20.50032:140FE5817F17101060050000, 0.35180:0A00B780, 255.23226:65050000, 255.27962:0A000000, 255.27962:9E000000, 255.17082:E4040000, 0.18273:6F050000, 4.21921:E4040000, 255.27962:FA000000, 255.1494:0A00BB80, 255.1238:79050000, 1.29920:07000000, 7.29828:41420F000000000000000000, 7.29832:40420F000000000005000780, 4.45884:E4040000, 4.29876:E4040000, 4.30344:E4040000, 4.37696:E4040000, 4.58176:E4040000, 7.40748:010000000000010C00000000, 7.57132:00000000000000000F010480, 1.63016:9E000000, 4.39640:E4040000, 8.45434:10D38DFFA885F2418179636382C870570F010480, 5.10786:0000000031352E32302E303438352E3031353A5649315052303630314D42323430303A38623266373864612D303436612D343561632D393363352D383533343364623537393438000F010480, 255.1750:C4050000, 255.31418:80030400, 0.22753:80030400, 255.21817:E4040000 [Stage: DeliverMessage]’

Well done retards prove yet again that microsoft is really crap at everything.

weird shit with a cyrus imap server

One of the zoo’s imap servers decided to play dead when the other three where perfectly happy on the same box.  Having recently done a debian upgrade it was my job to fix it.   However i cascaded one fault to another store which was not my fault as i was using bad software that i thought was good from ten years ago.

Having spent a fun couple of days trying to fix the thing i found that it is best to not use gyrus admin gui as it fucks up acls and cyrus users.  So good to know and DO NOT USE GYRUS. – use cyradm instead.

In the end i restored the instance from backup after getting some stuff to work most of it did not and cyrus imap is not the most verbose thing with one debug setting in /etc/default/cyrus-imap your on your own.

Something went bad but with three other stores working away it was still an non easy diagnosis and what it was is something cyrus imap kept mum on.  It was good to know that gyrus admin does more harm than good these days and the permissions to our imap stores are horrible compared to modern imap.  However since it been over ten years since i started with cyrus imap and you can knock off seven days for downtime those being upgrades so cyrus imap is generally good software.

I had a sort of mostly working fixed message store thing but many messages and folders where not showing up and as the zoo damm insist on getting it all back i opted for the backup as the easier fix.

Email was flowing in but he store was not accepting it

I still had to delete the sockets and reconstruct the data with [/usr/lib/cyrus/bin/reconstruct -C /etc/cyrus/zoo1.conf] but the data is mostly there as requested.

opendmarc systemd fun

Had some fun (my blog) with debain 9.4 until  i re-added -p inet:8893:localhost to the systemd file (as marked in bold)

/lib/systemd/system$ cat opendmarc.service
Description=OpenDMARC Milter
Documentation=man:opendmarc(8) man:opendmarc.conf(5)

ExecStart=/usr/sbin/opendmarc -p inet:8893:localhost
ExecReload=/bin/kill -USR1 $MAINPID


Check your  groups the group chmod had been returned to read only rather than read write

.Seems to get stuff working but then

&warning: milter inet: can’t read SMFIC_OPTNEG reply packet header: Success
warning: milter inet: read error in initial handshake

Made life fun again.and i think a restart of opendkim will resolve that.

That got opendmarc ready to write to text file for import in sql (my blog) and then reporting via smtp so back to normal – although debain did not inform me that the systemd file got replaced.

I like being a mindreader

dkim goes weird

postman pat is faster than yahoo

postman pat is faster than yahoo

The zoo lost it’s dkim somewhere (my blog) during an tls upgrade i still had spf and tls so when a dmarc report (my blog) alerted me i spent a few days trying to figure out what went wrong.

No user informed me ether

opendkim is downright zen like at times with messages like ‘not internal’ but eventually it seems adding some ip addresses in trusted hosts file and some _adsp dns lines kind of worked.

I do not quite grok adsp and atps with its base32 stuff that i failed to decode and if i am feeling odd i will blog more on those things since we all love those kind of blog posts.

zoo4 domain still has a problem still but it was last to be fixed – one more day and i try again as i now have spf,dkim and tls working on the other three domains and zoo4 generally does not send email but i would love to know why it stopped working

Most people would not notice.   Which is telling.

Probably something normal tomorrow if you have no idea what i going on about today

the zoo’s Schroedinger’s cat mail server

oh yes they are

Its behind you, no its not makes this post sound like a pantomime thanks to systemd (my blog) i have a postfix instance active (my blog) that postfix even thinks is not active.

Schroedinger would be proud.

So i changed the bind address and server name using .lan tld as .local and corp are now paid tld’s.  Making no sense of up or down an nmap scan says it is working.

I give up at this point and let this paradox be

The next day i notice that the new zoo,lan is sending email  when technically it is not running I am baffled and apart from the postfix instance changes notes  i have not been changing the configuration of it.

Oh well thats systemd for you

womens broadcasting bitching silenced via sieve

Professor had a slightly disastrous holiday which the repercussions from one female slide are probably worthy of a phd study on several months later.

Prof does not honestly give a shit (it happens) but human females love a bitch which the latest instalment was emailed to all so gchq know too (my blog) rather than phoned.  I wonder how it rates in the bitch scheme of things.- i guess there is a gchq rating for an analysis – if only they shared.

The zoo has asked us to redirect the bitches email to the junk folder (my blog) so it will not hit the mailbox unless you hunt for it..  Probably a further reason to bitch and whine but that is humans for you.

I like sieve (my blog). Alas i did not give a stuff about it to go get that phd.