When Copyright does not create (AEPI)

Copyright is supposed to make creative stuff pay, and patents too have their issues (using a hyperlink), so I was amused to hear about AEPI, which is an organisation that collects fees and issues them to artists in Greece (my blog).

AEPI (not here) made some Greeks rich, but as to paying copyright owners they're in debt to the tune of €42 million.

So copyright, it seems, does not promote creativity. You shall be glad to hear that the organisers collected the money but then gave it to themselves, because who gives a stuff about artists.

So next time somebody says copyright works (and they will be a politician) please remember our Greek friends aiding culture.

the unscheduled Let's Encrypt renewal by 21 days

Let's Encrypt is a free TLS thing and a bit of a game for me. To do email in TLS I had to make a web site just to get the bloody TLS that assumedly lasts three months, and then I have to redo my TLSA records for DANE.

I wrote down the date but 21 days early it got renewed all on its own. I only know this since I got an email about this fucked up renewal as the TLSA records were wrong. How the fuck did 90 days become 69? That's with the zoo doing some pruning of Let's Encrypt cron jobs and me not knowing precisely what calls the update in Debian (not me).

I renewed my TLSA records (my blog) but its process to call for updates and inform you is something I have to figure out, and that's even looking at the logs in /var/log/letsencrypt, which is a joy to read due to stack traces.

Grr

To boldly spot new shodan.io addresses with the help of Picard

My dislike of shodan.io (my blog) is well documented

goldfish.census.shodan.io does not resolve to address 185.163.109.66

So here is another to crimson firewall and forget

That address comes from Romania; if you're feeling in the mood, email it to the ISP at abuse@m247.ro, because I would not want to host anything on that address.

I seem to be having a multiple st:tng episode day today.

A picard moment for you (shodan.io)

Oh yes, it's our friendly scumbags from shodan (my blog) – over to you captain

connect from cloud.census.shodan.io[94.102.49.193]

It's from our beachhut scanning outpost in the Seychelles (my blog) and a small /24 this time if you want to mass block this scammy ISP and its lovely client.

So shields up, and I hope you never get this recycled IP address once shodan.io have fucked it up reputation wise. I never delist shodan.io IP addresses from whoever the ISP is.

Enjoy your day.
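To spot the next such address without reading the mail log by eye, here is an added example (not code from these posts) that scans Postfix smtpd lines for clients naming themselves under shodan.io and groups them by network. The log lines are constructed around the two entries quoted above, and `scanner_networks`, its parameters and the /24 grouping are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed Postfix smtpd lines built around the two entries quoted in the
# posts above; timestamps, PIDs and the mx.example.org line are made up.
SAMPLE_LOG = """\
Feb  1 10:00:01 mail postfix/smtpd[101]: connect from cloud.census.shodan.io[94.102.49.193]
Feb  1 10:05:09 mail postfix/smtpd[102]: warning: hostname goldfish.census.shodan.io does not resolve to address 185.163.109.66
Feb  1 10:05:09 mail postfix/smtpd[102]: connect from unknown[185.163.109.66]
Feb  1 10:07:30 mail postfix/smtpd[103]: connect from mx.example.org[192.0.2.25]
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Postfix only prints a hostname in "connect from" once the PTR name maps back
# to the client address; otherwise it logs "unknown" plus the warning line.
PATTERNS = (
    ("verified", re.compile(r"connect from (\S+)\[" + IPV4 + r"\]")),
    ("ptr-only", re.compile(r"hostname (\S+) does not resolve to address " + IPV4)),
)

def scanner_networks(log_text, suffix=".shodan.io", prefix_len=24):
    """Return {network: {ip: evidence}} for clients whose name ends in suffix.

    IPv4 only. prefix_len=24 is an assumption taken from the /24 mentioned in
    the post; check the real allocation before blocking a whole range.
    """
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        for evidence, pattern in PATTERNS:
            m = pattern.search(line)
            if not m or not m.group(1).lower().endswith(suffix):
                continue
            try:
                ip = ipaddress.ip_address(m.group(2))
            except ValueError:      # e.g. 999.1.1.1 in a mangled line
                continue
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            hits[str(net)].setdefault(str(ip), evidence)
    return dict(hits)

if __name__ == "__main__":
    for net, ips in scanner_networks(SAMPLE_LOG).items():
        print(net, ips)
```

A "ptr-only" hit means the name came from reverse DNS alone, which whoever controls that address range can set to anything, so it is weaker evidence than a "verified" one.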

Netflix in February 2017

Since it might be many months since I schedule this (my blog) and the subsequent posts, here are some thoughts on Netflix, which I kind of last looked at in 2014 (I think). In the winter months there can be much said about the quality compared to Freeview television. However, I don't subscribe to Netflix often and have fresh eyes. Long-term subscribers might think meh about choices.

Value for Money/Problems

Netflix is cheaper for me than renting DVDs from my library, however Uzumasa Limelight is not on Netflix, nor is some American independent film I will not mention that I had an interest in. Both of those missing titles are something I can live without seeing or wait for.

I can't play Netflix on Linux (DRM), so that's a minus point from 2014 when I could.

One issue that is not Netflix's is the presentation of Star Trek TNG: they have the old television version, not the version on DVD which apparently was improved from the source. Next time some Hollywood executive claims remastering is not profitable, they're not selling it correctly and …

So it looks a bit odd on a new tv.  – Blame is assigned elsewhere to other persons and not netflix here.

Final Thoughts

Television – including cable – is a time sink: when you see something runs for thirty minutes you just know you usually double that. There's a reason why I record and watch back (my blog) stuff.

I will suggest some titles (some are older) in further posts.

Overall i like the content on netflix.

opendmarc reporting and extended thoughts

I decided to install some very crappy software to get DMARC reporting (my blog) working and adapted a script to suit from a blog. It works: you import, report and expire the db.

This is a week-long-plus blog post, so I may contradict myself the longer I document stuff.

However with stuff inbound to the database i got no email reports out which i can assume is due to either an error on my part, the policy not to bother them with strict compliance or the software is broken.

A brainwave I had on exploring this was that as a low traffic host (the zoo is not gmail) that email we do get is strictly controlled by rules where gmail i guess might be lax on say spam where as we are not.

So most of the email dealt with needs no dmarc action.

I will run the import, report and expire once a day and see if DMARC reporting via opendmarc is worthwhile.

Later on with reports being sent i observed some issues…

DMARC can be abused by marketing people, and it depends on who runs the report address they specified; take pure360.com.

(host x.GOOGLE.com[74.125.x.x] said:
450-4.2.1 The user you are trying to contact is receiving mail at a rate that 450-4.2.1 prevents additional messages from being delivered. Please resend your 450-4.2.1 message at a later time. If the user is able to receive mail at that 450-4.2.1 time, your message will be delivered. For more information, please 450-4.2.1 visit 450 4.2.1 – gsmtp (in reply to RCPT TO command))
dmarcreporting@pure360.com

It is amusing to note that they also use gmail.

So DMARC might be mismanaged by some who might know better. Does this mean pure360.com DMARC should be ignored? What do you think?

Another retard with dmarc did the below humorous issue – Please note this was collected by dmarc, and sent by dmarc it is not a typo error by a human.

opendmarc-reports: sent report for email3.telegraph.co.uk 
to craig.millar@telegraph.co.uk (2.0.0 Ok: queued as 5F1F4BD6315)

<craig.millar@telegraph.co.uk>: host <host>.google.com[74.125.x.x] said:
550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient’s email address for typos

Plenty of other idiots exist.

(host eu-smtp-inbound-1.mimecast.com[91.220.42.241] said: 451 IP temporarily blacklisted – https://community.mimecast.com/docs/DOC-1369#451 (in reply to RCPT TO command))
dmarc@communicatorcorp.com

Not sure they want DMARC although they request it.

(host eu-smtp-inbound-2.mimecast.com[91.220.42.241] said: 451 IP temporarily blacklisted – https://community.mimecast.com/docs/DOC-1369#451 (in reply to RCPT TO command))
rua@rac.co.uk

These appear to go hours and hours later, that is, getting the DMARC report back (rac do send spam), and piss off hosts when it reports back – Oh to be a mind reader.

Yet another brainwave I had was that there is no way to block 'phishing' emails via opendmarc unless there is a strict policy set up. Unless you search headers for DMARC rules, but that's down to the MTA or spambotter, not opendmarc. There is an example below.

Routing loops could be a problem – ala i send mail, they send mail, we mail back etc.  Have to see on that one.  I guess you could turn off reporting which kind of makes dmarc reporting an odd idea to start with.

In the real world i found out:

One bug I noticed: if you do not import messages into SQL and then close down opendmarc (say for a kernel upgrade), then opendmarc deletes the text file. Not an end-of-the-world issue but an occasional one.

Another bug I noticed in the 1.3.0 release (1.3.2 is Debian experimental) is that opendmarc-reports will still send email out even if you had a typo in the address or email set in the script (the zoo has four domains).

I noticed as our dkim signing did not initiate when it should have (my typo).

The SQL data is stored although it's not designed for humans to read; the XML reports which it makes, and which we also get from others as the zoo has DMARC, are more human readable.
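For the XML reports received from others, here is an added example (not part of the original post or of opendmarc) that boils one aggregate report down to per-source-IP pass and fail counts. The sample report is constructed in the RFC 7489 aggregate layout with placeholder names and documentation addresses, and `summarise` is a name chosen for the example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report in the RFC 7489 layout; the reporter, domain
# and addresses are placeholders, not data from the post. One record carries
# stray newlines inside an element to show they are tolerated.
SAMPLE_REPORT = """<feedback>
 <report_metadata><org_name>reporter.example</org_name></report_metadata>
 <policy_published><domain>zoo.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>12</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.77</source_ip><count>3</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>
192.0.2.10
</source_ip><count>2</count>
  <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
</feedback>"""

def _text(node, path):
    """Element text with stray whitespace and newlines removed."""
    return (node.findtext(path) or "").strip()

def summarise(xml_text):
    """Count messages per source IP, split by DMARC pass/fail."""
    # Reports arrive from strangers: refuse DTDs so entity tricks never parse.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    out = {"reporter": _text(root, "report_metadata/org_name"),
           "domain": _text(root, "policy_published/domain"),
           "policy": _text(root, "policy_published/p"),
           "passed": Counter(), "failed": Counter()}
    for row in root.iterfind("record/row"):
        count = _text(row, "count")
        count = int(count) if count.isdigit() else 0
        # DMARC passes when either aligned check (DKIM or SPF) passes.
        results = {_text(row, "policy_evaluated/dkim"),
                   _text(row, "policy_evaluated/spf")}
        bucket = "passed" if "pass" in results else "failed"
        out[bucket][_text(row, "source_ip")] += count
    return out

if __name__ == "__main__":
    print(summarise(SAMPLE_REPORT))
```

Addresses that only ever show up under "failed" are either a forgotten legitimate sender or someone spoofing the domain, which is the question to settle before moving to a strict policy.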

Microsoft (microshit) are pretty crap at DMARC - their reports leave a lot to be desired due to \n issues.

They also bounce failure – this is pure microshit in action. I perceive this as bit spammy.  It took a little time to sanitize here.

Subject x has left you a private message
From No signature information staff@hotmail.com
To technical_dmarc@zoo
Date Thu 07:46 PM
This is an email abuse report for an email message received from IP 201.217.243.222 on Thu, 19 Jan 2017 11:xx:40 -0800.
The message below did not meet the sending domain’s authentication policy.
For more information about this format please see http://www.ietf.org/rfc/rfc5965.txt.
Subject x has left you a private message
From Signature is not valid ! verified by VMessage
Sender notification+bingxia006@zoo
To REDACTED
Date Thu 04:44 PM
You have 1 new message

Typical crap from microsoft, it was spamcop proof too

Criminals also have odd DMARC setups; a good example is quantumaccountingservices . net, which is scammy*. It returned, at time of writing:

Host not found, try again

So I guess you're going to get a lot of domains to ignore.

A problem I have is with multiple domain reporting (say mail.zoo, mail.zoo1 etc). In the Debian 1.3.0 version the first report run for mail.zoo has all the fun; the other opendmarc report scripts run but have nothing to report on. That might be a level of complexity most with one domain and one host never get to see or care about, and might be down to the shit SQL server it uses.

My ADSP and ATPS lines in DNS needed some tweaking, since reporting uses port 25 and I use the other port for outbound mail, which for over a week I failed to comprehend. So this might be a postfix / amavis or some other issue I cannot resolve currently.

The zoo will not be sending reports until we figure out ADSP (my blog), even though the SQL import and expire work.

opendmarc-spam looks interesting although a thought experiment needing a look at source code to guess how it works

That’s about it for opendmarc reporting. Tomorrow I will be delving into the science of mind reading** after all it appears to be a required skill with dmarc.

*the hint is in the name. ** i joke

syntax fun with amavis to varying results

As a zoo with four domain names, getting email in and out is fun. Generally SPF will fix issues, and with DKIM and TLS things get quite complex.

One area of failing was amavis, of which one instance inspects mail. Having more than one daemon now [2017] seems impossible; some years ago I had four amavis servers, but attempts to recreate that left an inconsistent mess: sometimes it worked and other times it spewed errors by the dozen.

So it was back to improving the single instance.

But $inet_socket_port can have more than one value with = [10024,100xx,etc];

So one instance might suffice for inbound delivery to amavis.

Outbound paths are done with $forward_method and this too becomes = ['smtp:127.0.0.1:10025', 'smtp:127.0.0.1:10027']; as opposed to the simple defaults in the amavis config hiding in /etc/amavis/conf.d if you're Debian based like the zoo.

That seems (debian stable) to work but it is not guaranteed it might and then again might go back to the first method.

Amavis, with its Perl-like configuration, is a learn-the-hard-way experience if you want something extra from it.

Don’t forget those semi colons.

This kind of makes sense, although it is not guaranteed that the plumbing will go to the right output, but a tolerant SPF config allows for that.

I like the one daemon rather than four of them, and while not perfect it will do – a discussion on ATPS will follow so not finished yet.

an odd reboot

The zoo's server had a weird issue with its keyboard doing [^b [^a etc, and so one evening I decided to fix it. Fortunately it appears that a simple reboot restored its use without the [^ thing.

The keyboard on the server gets very little use and i am able to shut it down remotely and fix many things that way as well but it is nice to have a functional thing on it just in case.

zone one, Colson Whitehead

ISBN: 97800099570141. This is an author I think I am looking into reading a newer title from. This title was found in a library and free* and featured in a newspaper list.

This is a tale of zombies and zombie disposal written with a sarcastic parody of Starbucks the coffee shop. Although a novel, the material here feels more a short story and loses focus. Fortunately the publishers did not make this a three-book series, which is the kind of thing they're into.

Overall the past (now) is better, although boring the reader with guns and tactics is something wisely kept away from by the author.

2/5 bananas

*If you think libraries are free then you have not been in one for a very long time – finding a book in a nearby library is like winning the lottery unless you read Mills and Boon romance novels.