Posted on
by

I recently noticed that the mail server was experiencing 4 times the typical number of SMTP connections. It didn’t seem to be under any stress, though, not as far as server load went. So I watched the log file trail, and saw a bunch of messages coming in to nonexistent users with the pattern, FirstnameLastname@alternativebrowseralliance.com.

My first thought was that someone was running a dictionary attack against the domain, trying many different addresses to see which might be valid. Then I noticed that they seemed to be coming from <> — in other words, they were bounce notices.

Great. A Joe Job.

I enabled a catch-all temporarily. That did cause the server to slow down, as it was now actually processing the quadruple load instead of kicking back 3/4 of it with a “User unknown” error. (I hadn’t thought to disable spam scanning on the domain first.) In the 30 seconds before I turned it off again, it picked up 25 non-delivery notices. And those are just the ones that got past the spam filter.

As it turned out, they were just random junk. Some spammer had picked the domain and was using it to forge random From: addresses, and we were getting the bounces. In the old days they made up the whole address, but it’s easy to check whether a domain exists. So now they pick some real domain and make up a fake address. That’s harder to detect unless the domain in question uses some sort of verification system like SPF or DKIM.

So it wasn’t a Joe Job: no one was trying to besmirch the site’s reputation. It still meant extra traffic to the mail server, though.

This problem is called backscatter, and it exists for two reasons:

  1. The sender address on an email message is easy to forge, like writing a fake address on an envelope.
  2. Many mail systems will accept a message first, then process it. If it then decides to reject it, it can’t respond to the actual sender, only to the one listed in the message—and in the case of spam, it’s usually forged (see #1).

I don’t send any mail using the domain. The only reason it even has mail pointed anywhere is so that I can receive mail sent to the webmaster for the Alternative Browser Alliance. I suppose I could set up a -all (no servers are authorized) SPF record, and hope some recipients decide not to send bounces. But I’m not sure how much it would actually accomplish.

Anyway, the two lessons to take away from this are:

  • Reject messages to bad recipients in the initial SMTP transaction. It’ll protect your server from backscatter (and dictionary attacks), because you won’t have to queue and process all the extra junk.
  • Don’t generate bounce messages after the fact based on something as easily forged as the supposed sender. Otherwise, you’ll be contributing to backscatter.

Posted on
by

There was a little snow on Mt. Saddleback on Sunday, but not much worth mentioning. Sometime early Tuesday morning, though, a freak storm seems to have hit the mountain… and only the mountain. We certainly didn’t get any rain down here in the flatlands.

At 8:20, the mountains were still shrouded in clouds:

Mt. Saddleback and hills shrouded in cloud.

By 9:00, the clouds were starting to burn off, leaving behind a coat of snow, not just on Santiago and Modjeska peaks (still behind clouds), but on the lower peaks to the northwest.

Mt. Saddleback topped with cloud, the peaks next to it covered in snow.

By noon, most of the snow had melted. There’s still some in the shadowed crevices.

Mt. Saddleback with just a little snow remaining.

UPDATE DECEMBER 19, 2008: This post is getting a lot of traffic today, but it’s from last winter. If you want to see photos from this week’s snow, check out my Snowline photoset on Flickr

Posted on
by

Epic Pooh – Michael Moorcock on the state of fantasy literature, originally written in the 1970s but updated for the 21st century. The title comes from comparing the style of Lord of the Rings to Winnie the Pooh. I have no problem reading and enjoying both his work and Tolkien’s, and it doesn’t bother me that Phillip Pullman dislikes Tolkien’s work as well.

Posted on
by

After the last few days of rain, today was clear and windy. I finally dragged myself out to a vantage point where I could see something of the mountains… just at sunset. This is looking northeast toward the San Gabriel Mountains from the edge of a vacant lot on the former MCAS Tustin. (You can see one of the two blimp hangars at the right.)

Snow-covered San Gabriels and blimp hangar at sunset

Update: Monday morning I went back to the same spot before work and took some photos in daylight. Katie said it looked like someone had sifted powdered sugar over the mountains.

San Gabriels, capped with snow, and blimp hanger in daylight

Back to Sunday evening, I crossed the street and got some more pictures without the fence and saplings in the foreground, and stayed out until the light had faded. The view was clear all the way west along the range to Mt. Wilson. I also looked back toward the sunset, which lit up the edges of a cloud with a red-gold glow.

Cloud backlit by sunset

Posted on
by

Found this while wandering around the Lemon Heights area a few weeks ago, looking for scenic viewpoints. It’s on the Skyline trail, near Peters Canyon park.

Yield sign with 3-way diagram with icons and arrows.

It seems to be saying this:

  • Cyclists* yield to pedestrians and horses.
  • Pedestrians yield to horses.
  • Horses yield to no one.

But if you’ve never seen it before, the meaning isn’t clear at a glance.

Apparently the idea is to make everyone stop and try to work out the diagram, so that they can start moving again in the right order.

*Or perhaps only bicycles, since there’s no rider in the picture.

Posted on
by

The Village, a disturbingly-named apartment complex across from the Irvine Spectrum shopping center, has been advertising in the nearby area for a couple of years using the slogan, “A new meaning for…” with various images and phrases. For a while, the following photo and caption seemed to be everywhere:

Blonde woman lifting her head out of a swimming pool, giving a "come hither" look.
A New Meaning For Heated Pool

A not-terribly-subtle example of the advertising maxim, “sex sells.” Somewhere along the line I decided she looked like Rebecca Romijn, and dubbed her Mystique.

Eventually I realized what the photo reminded me of: the promotional images for the movie Wild Things:

Neve Campbell and Denise Richards lifting their heads out of a swimming pool.

The apartments have removed the image from their website (you can still find it on the Internet Archive), but it’s still all over the shopping center kiosks. So while watching Beowulf there, it seemed somehow appropriate when Grendel’s mother struck the same pose:

Grendel’s mother (digital Angelina Jolie) lifting her head out of a pool