MavEtJu's Distorted View of the World - 2006-03

Posted on 2006-03-29 13:10:58, modified on 2006-03-29 13:13:05
Tags: Networking, SMTP, Email

I've just enabled sender verification on our mailservers.

What does that mean you might wonder, and how is that different from grey-listing.

With sender verification, postfix checks if the address in the MAIL FROM command gets accepted by the MX servers of that address. It tries to do it realtime, but if it takes too long (>6 seconds) it will temporary fail the SMTP session and waits until the sending MTA retries.

Grey-listing on the other just temporary fails the first delivery attempt and waits until the sending MTA retries.

Keep in mind that two different things are checked here:

• Existence of the (well, acceptance of email for the) sender email address at the MX host.
• Proper handling of forced retries by the sending MTA.

One day I'll be brave enough to do also SPF checking (Allowed delivery of email for that domain by that MTA) and everything is as open as it will be, or as closed as it will be.

Posted on 2006-03-27 12:20:03, modified on 2006-03-27 12:24:52
Tags: Happiness

Yesterday I went to the Dutch Festival in St Marys. Finally access to market fresh stroopwafels and boerenkool met worst!

Anyway, there was a so called instant raffle. You pay one dollar, you pick one ticket from the bowl and if there is a number on it, you win! So I payed one dollar and oh dear, no number. A sad dutchman for the rest of the day... (at least I didn't win a large bird cage).

Twenty minutes later, Naomi asked "Mind if I do an experiment?". No idea what she was talking about, but I'm always in for her kind of experiments. Two minutes later she comes back with a smile from ear to ear and a t-shirt. "Here, I won this for you at the raffles!". She said "It's pretty silly if they put sticky tape around the winning tickets with numbers...". I don't care, I got a t-shirt!

Posted on 2006-03-25 19:07:17, modified on 2006-03-25 19:46:11
Tags: Networking, VLAN

Todays router adventure consisted of getting VLANs working with the X450s between the SJH building and 400 Harris street (where I'm not welcome anymore if I don't wear closed-toe shoes).

The idea is very simple: Take an ethernet link, define one or more VLANs on top of it, give certain VLANs a better priority than the others.

Buuuuuut.... No matter what we did, it didn't work.

After three hours reading up on documentation ("it can't be that difficult, can it?"), I called Uecomm and asked them the question "Is this possible at all?". Some seconds later the guy on the other side said: "No".

That was the short answer. The long answer is that it is supported if the CPE supports 801.1qinq, a protocol to support tagged VLANs in tagged VLANs.

So much for a great plan to make the whole network a little bit more workable.

Additional note: Also PIPE networks doesn't support this by default. Scary. This is not what I had in mind when we bought an ethernet service.

Posted on 2006-03-17 10:31:16, modified on 2006-03-17 11:16:56
Tags: Computers, Citrix, FreeBSD

At work we got a new toy: a Citrix MetraFrame Presentation Manager. In reality it is nothing more than a frontend for a Windows session, like you can get with RealVNC or Remote Desktop. Well, the difference is that more than one person can use it at the same time, and they all have their own desktop and settings. Not even a desktop, just a bunch of icons of pre-installed programs. Anyway, to the FreeBSD story.

Access to the MetaFrame website is easy, just login with your windows username and password. But then, it says "Your client platform is not supported.". This is a false alarm, but confusing.

For the general population, MetaFrame automatically picks the Java client. But not for the FreeBSD machines. At the top right of the Applications window there is a button to customize the user preferences. Client on the Client Preferences settings link. There you can choose between "Local client" and "Client for Java".

"Client for Java" forces the website to use the Java client, just like the general population gets. Works like a charm.

For "Local client", you need to install net/citrix_ica. There are two tweaks I needed to make before it all worked here. First one is that I had to configure a help for .ica files: MIME-Type is application/x-ica, application is /usr/local/bin/wfica. The second one was that I had to add the certificate of our SSL provider to the directory /usr/local/ICAClient/keystore/cacerts (note that the extension should be .crt, and that the name of it should be the same as wfica is complaining about. Use "openssl x509 -noout -text -in foo.crt" to check this).

And it all works now, both ways and without problems.

Posted on 2006-03-11 17:03:15, modified on 2006-03-11 17:04:37
Tags: Coding, ICal

Just finished a project on which we needed to have Exchange / Outlook compatible ICal files. My experiences, with full code to reproduce it, are written down at http://www.mavetju.org/programming/outlook-ics.php