Some friends of mine were running about and saying nice things about greylisting, so I decided to try it and see how it works out. I actually have a full in-exim-implementation now. It would have been cool if exim had some sort of db4 write support or something, but I’ve gone with postgresql instead. The implementation in exim is as follows:

In the main part, I have

 GRAYLIST_TEST = SELECT CASE \
                  WHEN now() - block_expires > 0 THEN 2 \
                  ELSE 1 \
                 END \
                 FROM relaytofrom \
                 WHERE relay_ip='${quote_pgsql:$sender_host_address}' \
                 AND from_domain='${quote_pgsql:$sender_address_domain}'

 GRAYLIST_ADD  = INSERT INTO relaytofrom (relay_ip, from_domain) \
                 VALUES ( '${quote_mysql:$sender_host_address}', \
                 '${quote_mysql:$sender_address_domain}')

 hide pgsql_servers = localhost/greylisting/exim/password

Then, in the DATA acl, I have

  warn    set acl_m7 = ${lookup pgsql{GRAYLIST_TEST}{$value}{0}}

  defer   message = Greylisted - please try again a little later
          condition      = ${if eq{$acl_m7}{0}{1}}
          condition      = ${lookup pgsql{GRAYLIST_ADD}{yes}{no}}
  defer   condition      = ${if eq{$acl_m7}{1}{1}}

Why the data part, you may ask. The reason is quite simple, I don’t want to break callouts at all. Also, this server is on 100MBit so I don’t care about any wasted bandwidth.

The table definition is fairly simple:

create table relaytofrom
(
        id              serial,
        relay_ip        inet,
        from_domain     varchar(255), 
        block_expires   timestamp default now()+(interval '60 seconds')
                        NOT NULL,
        record_expires  timestamp default now()+(interval '1 week')
                        NOT NULL,
        origin_type     varchar(16) DEFAULT 'AUTO'
                        CHECK (origin_type in ('MANUAL','AUTO')) NOT NULL,
        create_time     timestamp        default now() NOT NULL
);

Hope this helps somebody to get a little less spam.

By popular demand, I’m just including my sync-dotfiles-repos, aka svn2cvs script here. I hope it’s useful for somebody, and comments and patches are appreciated.

 #! /bin/sh -e
 
 #exec > /tmp/commit.log  2>&1 
 
 HOME=/home/tfheen
 CVSROOT="$HOME/cvsroot"
 SVNROOT="$HOME/svn"
 
 TMPDIR=$(tempfile --prefix syncdotfiles)
 
 rm -f "$TMPDIR"
 mkdir $TMPDIR
 cd $TMPDIR
 
 # ok, now we are fairly safe.
 
 cvs -d "$CVSROOT" co dotfiles
 svn export --force file://$SVNROOT/trunk/dotfiles
 
 cd dotfiles
 
 for file in $(find -type f -not -path \*CVS\*); do
     FILE=$(basename $file)
     DIR=$(dirname $file)
     if ! grep -q "^/$FILE/" $DIR/CVS/Entries ; then 
         cvs add $file
     fi
 done
 
 cvs commit -m"Automatic commit from SVN"
 
 rm -rf $TMPDIR

Most of the day was spent crawling around inside the student society. Inside, as in, beneath floors, inside walls and on top of ceilings. We were of course wiring the student society, one of the last areas is now finally switching from 10Base-2 (thin ethernet, coax) to a 100Mbit switched TP infrastructure. Tiring, but fun nonetheless. Those areas haven’t seen anything resembling cleaning equipment in about a hundred years (when the society was built), so we ended up quite dirty.

Looking forward to the concert tonight, if I manage to stay awake, since I’ve only slept three hours last night. It’s hard to stay up partying. :)

Finally got around to writing up a new multiarch proposal. Of course, it caused a lot of debate on #debian-devel, but that was just as expected. Comments are of course welcome

I actually got around to setting up SVN with mod_dav today. Apart from the fact that OpenSSL is a piece of shit and causes problems if you have non-ASCII characters in any of the fields. It seems to work fine, even commits over HTTP. Feels a bit weird, though.

By the way: Gentoo sucks. Error messages are overrated and I want to install Debian on this box.

Just discovered something a bit weird. Or, perhaps not very weird, but I got a little bit confused. Textile supports pre tags just fine. It’s just that the plugin reflows the text if it doesn’t start with a space. So, in order to actually get preformatted text, I have to both use pre and a leading space. Weird.

Got back home today and was a bit tired so instead of going dancing, I decided to hack Mailman. Moved the repository to Alioth, set things up fairly ok (at least I think so) and converted the whole system to dpatch. Also created a mailing list so my co-maintainers will soon be able to help out.

Sesse asked about whether the DELAYED queue was fixed after the break-in, which it, to the best of my knowledge isn’t. So I hacked up a small script to run as a DELAYED queue. I think it works as well, and there are already two NMUs in, so it’ll be nice to see if it works and we can actually have a working DELAYED queue again. It should be possible to upload to it through something like:

 [tfheen_delayed]
 method = scp
 fqdn = gluck.debian.org
 incoming = ~tfheen

in dput.cf

Of course, I had to fix pycategories as well. Fix is trivial

        for i in elist[:]:
            if ".svn" in i:
                elist.remove(i)

just after the lines reading

        elist = tools.Walk(root)
        elist = [mem[len(root):] for mem in elist]

Of course, after converting my blog to SVN, it seems like pyblosxom decided that traversing through all my .svn dirs was an excellent idea. I disagree, of course. After finding out that the filter plugin on Pyblosxom’s home page wasn’t there, I sat down and wrote my own. Fairly trivial and also hard-coded.

def cb_prepare(args):
    request = args["request"]
    data = request.getData()
    for entry in data['entry_list'][:]:
        filename = entry.get('filename')
        if "/.svn" in filename:
            data['entry_list'].remove(entry)

That’s all that was needed.

SVN already has cvs2svn. I needed something to do this the other way around. You probably think I’m crazy. I’m not (at least not because of this). I already have the biggest part of my dotfiles in CVS and have a working setup through joeyh’s sshanoncvs which works fine. I want to play around with subversion, so I have converted my CVS repository to SVN. Howerver, my home directory is checked out on a lot of boxes which don’t have any SVN client installed. So, I rather add a post-commit hook which updates my dotfiles each time I commit to the SVN repository. Quite neat.

Once I get some sort of decent access controls set up for this, I’ll just post a link to the script, but if you want a copy in the meantime, just drop me a mail.