Which mail server administrator hasn t tested his servers using telnet on port 25, speaking SMTP himself? And which of them made a typo and had to retype everything due to missing readline support of telnet? If you want to check SMTP over SSL aka SMTPS, you had to use openssl s_client -connect yourserver:465 . And what did you use to check TLS support on port 25? Just forget about those hassles and use swaks (Debian package), the Swiss Army Knife for SMTP. It does all the annoying stuff (using the correct syntax, typing fast enough, SSL, TLS, etc.) for you while still giving you full control over the SMTP session, especially showing you all input and output:

$ swaks -t abe@noone.org -s sym.noone.org -q RCPT
=== Trying sym.noone.org:25...
=== Connected to sym.noone.org.
<-  220 sym.noone.org ESMTP Postfix (Debian/GNU)
 -> EHLO nemo.deuxchevaux.org
<-  250-sym.noone.org
<-  250-PIPELINING
<-  250-SIZE 10240000
<-  250-ENHANCEDSTATUSCODES
<-  250 8BITMIME
 -> MAIL FROM:<abe@nemo.deuxchevaux.org>
<-  250 2.1.0 Ok
 -> RCPT TO:<abe@noone.org>
<** 450 4.2.0 <abe@nemo.deuxchevaux.org>: Sender address rejected: Greylisted, see http://postgrey.schweikert.ch/help/noone.org.html
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.

Since the moment I discovered swaks, I never telnetted to port 25 anymore.

As I said a month ago, my main server Delmak was dying. Well it still runs (proof: you could read this blog some days ago). Thanks to friends I host for free, they've kindly given enough money to buy a brand new server (C2D E8400, 4 GB RAM, 2x500 GB RAID 1) in order to replace the good old Delmak. This new box has been named Prometheus after the only BC-303 class battleship ever built. Delmak was used to mainly run as a Web, mail and databases server. I decided to do use this server switch to change the server software I use. The first mail server I setup was based on Exim 3, courier- imap,pop -ssl, with userdb files. That was... rough. Later I switched to Exim 4, using vexim, and MySQL as a back-end. That was something like 3 years ago I guess. Since then I never really touched that back. I added spamassassin and clamav filtering some months after, because some users asked for it. That's all. So this week, I decided to switch away from this configuration. I do not understand Exim anymore anyway, so I decided to use Postfix which I often use and administrate at work. Obviously, I also now use PostgreSQL as database back-end, since it rocks, and since Postfixadmin supports it. By the way, be aware that the Debian package of postfixadmin is crappy (the configuration file is readable by anyone by default, with the database password in it). I also set up postgrey which is quite nice and efficient. Well, then was time for amavisd-new installation, but I did not do it. Seriously, amavisd-new configuration is a bloody mess, as the language it is written in (yes, Perl). So I switched to dspam which I heard is nice. Well, it seems to be for now, since it even supports clamav daemon usage directly, which is very very nice because that means I do not have to set up another thing for that. I also switched from courier to dovecot, mainly because the latter seems to be faster and lighter. I then changed the default virtual_transport to Dovecot LDA. The main advantage of this is that the LDA updates the Dovecot index while delivering. It also supports quota, which I do not use and plug-ins, like the Sieve language for mail filtering. So I decided to change my procmailrc to a new Sieve filter. My procmailrc is quite small since I only use regex to match lists and some mail address, so it has only something like 12 rules. And well, I did not do it since I discovered after some googling that Dovecot implementation of Sieve is grabbed from Cyrus which does not support variables for now. That means that the following procmailrc code:

:0:
* ^X-Mailing-List: <debian-.+@lists.debian.org>
* ^X-Mailing-List: <debian-\/[^@]+
list-debian-$MATCH/

which will translate to:

require [ "regex", "variables", "fileinto" ]
if header :regex "X-Mailing-List" "<debian-(.+)@"
 
    fileinto "lists.debian.$ 1 ";
    stop;
 

But that won't work since Dovecot Sieve implementation does not support "variables". Well, since I'm not ready to list all the lists I'm subscribed to, Sieve is a no-go for now. I'll stick with procmail.

For about nine years, my domain deuxchevaux.org was hosted (which means web, DNS and a catchall e-mail forward) by Internett at Saarbr cken. Although it was a sponsered hosting without much support I was quite happy with their service. But especially my ideas and demands regarding spam filtering grew out of the possibilities of a mass hosting solution. Since I run my own web, mail and name servers for a while now, it was no question that also deuxchevaux.org should become self-hosted. Since I run a root-server at Hetzner and their “robot” also offers domain handling, I planned to transfer deuxchevaux.org to them. Therefore I first had to register my two DNS servers (sym.noone.org and virt.noone.org) with them. In the documentation there was a note that for .org domains, name servers in a .org domain have to be registered with the same registrar. And just a few hours after registering the name servers via their web interface I got a mail from Hetzner Support that the domain of my name servers are not registered with Hetzner and so I cannot use them form .org domains. Asking for the cause of this rule, I got the answer that this is a rule by Hetzner’s upstream registrar, Cronos AG. Well, since I don’t understand such arbitrarily looking rules, I was looking around for another registrar with usable web interface. On the DaLUG mailing list, someone recommended eDNS. Since their single user account is free of setup and monthly fees, I signed up with them and started playing around with their web interface. When I tried to transfer deuxchevaux.org using the Auth-Code, I got the response that the transfer failed and when I clicked on “Details”, I got “$VAR1 = [];” as detailed information about the failure. Data::Dumper says hello. I wrote them and asked if they can tell me, what that should mean last Thursday and got no answer so far. I don’t think, I’ll register domains with them anymore. So where to try it now? Someone recommended GoDaddy, but I neither like their website (way too much targeted on beginners and mainstream) nor do I want to apply for a credit card or a PayPal account to be able to pay their bills. So a bill from my UML hoster Korypet (aka VD Server) caught my eye: They were lowering prices for registrations at some top level domains (and in comparison to the recent lowerings at eDNS the new prices also apply to existing contracts) including .at and .org (and I only have .at, .ch and .org domains). I didn’t knew they also do domains outside of selling them in packages with UML hosts. So I wrote to Korypet support, if they offer a web interface for domain handling and got a reply less than two hours later: Not yet, but they’re working on it. Until then, I can request domain handling tasks by e-mail to their support. Since I know their UML managing web interface – which works fine – and since I’m happy with their support, service and prices since years (I’m customer there since 2003), I replied with all the necessary data for the transfer. Well, the transfer failed, too. But in comparsion to Hetzner or eDNS, they made the effort to exactly find out, what happened. So what did happen? The rule which the Hetzner support guy told me that it was from their upstream registrar wasn’t from there but from Public Internet Registry (PIR) itself. And the rule seems to match not that often, so that many people involved in domain registration don’t know about it (and usually neither understand its existence when they hear about it). Also I have no understanding for this harassment and so I felt the strong urge to get one over on them. Korypet suggested several solutions fitting my needs (i.e. the usage of my DNS servers for my domains). They even offered A records under some of their PIR registrered domains pointing to the IP addresses of my DNS servers for no fee, but luckily some A records under my own .ch domain sufficed. So the transfer was successful on Friday evening, 6pm local time, my own mail server (running Postfix) was happily rejecting a lot of spam to (and even from) non-existing users (which came in over the catch-all before) as well as hosts greeting with not fully qualified or invalid HELOs and greylisting others via David Schweikert’s Postgrey. The number of accepted mails and recognized spam sunk immediately by approximately factor four on the whole mail server, although deuxchevaux.org isn’t the only domain that receives mail there (but was the only one which had a catch-all before). So in the long run, I’ll probably move all .org and .at domains over to Korypet since they have not only fair prices but also a competent and individual support. (And yes, this is a recommendation. ;-)