
Offtopic: pop-before-smtp jargon (was Re: [FWP] CPAN _Rules_!)



2000-01-06-13:45:10 Kingpin:
> > is about the most fun with perl I've had in a long, long time.
> 
> I'll take your word for it.  Am I the only person who has no idea what
> the following words from your message mean?  :-)

Well, I gotta admit that was a little jargon-rich, I'm sorry. I'll define at
least some of them. My apologies for infesting FWP with this posting; I guess
I failed to appreciate how specialized my Fun was before sending that out.

> pop-before-smtp

POP (used here generically for "pop or imap") is a protocol used to check
your email remotely. Your mail client program connects to the pop or imap
port, logs in, downloads your email, and presents it to you. There are other
subtleties which don't enter into this picture.

SMTP is the protocol used for transferring email about the internet; it's used
whenever you send email, to get it to the destination machine where the
recipient's mailbox resides.

When people are logged in from home, they need to tell their email client to
use a specific SMTP server to send email out the door. They should normally
specify the SMTP server for their ISP, the one that owns the dialin ports
they're using to connect to the internet. Their ISP is the only organization
in a position to enforce anti-spamming rules on the users. Nobody else should
accept email relaying to the internet, because it has grown to be the standard
mechanism used by spammers to send out their denial-of-service attack while
redirecting most of the wrath on a third party [the open relay].

Pop-before-smtp is a revolting hack that can be used when some users, for
whatever reason, cannot configure their email clients to use their ISP's SMTP
server for outbound email relay, and have to use some other organization's
SMTP server --- the organization where they have their own email, which they
read using POP (or IMAP). The hack consists of keeping an eye on the pop and
imap login authentication ("auth") events, perhaps by watching as they are
logged in the main system mail log, and maintaining a database, which the SMTP
server can check, that documents the IP addresses from which users have
authenticated recently. The theory is that if a user has logged in to pick up
their mail recently, then you "know" that the IP address they're coming from
is one of your users, and so if they are a spammer you can reach out and thump
them yourself.

> UW

University of Washington, I believe, home of the original IMAP implementation
(as well as the mail user agent Pine, and a POP daemon, all of which share
some common code).

> popd
> imapd

Daemons (system service processes under Unix) that offer POP (Post Office
Protocol) and IMAP (Interactive Mail Access Protocol) over the internet.

> postfix

A Mail Transport Agent, including (among other pieces) the daemon listening
for SMTP (Simple Mail Transport Protocol) for transferring email.

> logfile rotation

Logfiles are written on Unix systems, with records describing interesting
things that have happened. E.g. the mail log, /var/log/maillog on Red Hat
Linux, contains records written by the mail transport agent (e.g. Postfix)
describing messages received, messages sent, messages delivered locally, and
failures in all the above. It also gets lines added to it describing the
interesting things that happen --- like connections opened and closed,
successful logins, etc. --- for the POP and IMAP daemons.

Since these are always appended to, standard practice is to have a periodic
automatic job that "rotates" them. It might be as simple as

	mv /var/log/maillog.3 /var/log/maillog.4
	mv /var/log/maillog.2 /var/log/maillog.3
	mv /var/log/maillog.1 /var/log/maillog.2
	mv /var/log/maillog.0 /var/log/maillog.1
	mv /var/log/maillog   /var/log/maillog.0
	touch /var/log/maillog
	kill -HUP `cat /etc/syslog/pid`

The "mv" commands are the heart of the "rotation"; the "touch" creates a new,
empty log file, and the "kill" pokes the system logging daemon (syslog) and
tells it to close and re-open the logfile, so it will stop logging to the (now
renamed) old logfile and commence logging to the new one.

> IPV4

Internet Protocol version 4, the current common transport framework for moving
packets of data from one computer to another around the world. Routing is done
by examining IP addresses, which are 32-bit numbers, commonly written as four
decimal bytes with dots between, like 1.2.3.4.

> router logic

A router needs to examine an IP address, refer to a routing table, which
describes what networks the router can reach and what interface and/or
gateway to use to reach each one, and thus decide where to send the packet.
The logic involves a search of a table of network blocks. I used CPAN's
Net::Netmask to do that. Worked right the first time, this was Fun.

> CIDR

Classless Inter-Domain Routing, a standard for defining networks of variable
sizes; this is as contrasted to the original IP standard, now called
"classful" routing, where all addresses had to be Class A (126 such networks
existed, each containing c. 16 million hosts), Class B (c. 16000 nets, each
with c. 65000 hosts), or Class C (c. 2 million nets, each of 254 hosts).

That was too restrictive; lots of places needed nets that weren't near any of
those sizes, and "rounding up" ended up wasting a lot of possible addresses.
Classless Inter-Domain Routing allows variable-size networks; a network can
basically be roughly any power of two size. The size of a network is indicated
by a number, the number of bits of the address that are to be treated as
network number (hence the host number is "all the rest", the remainder of the
32 bits).

CIDR is commonly described using a notation of network-number/size, e.g.
192.168.0.0/24, and so that notation is referred to as "CIDR" notation.

> netblocks

The networks so described --- blocks of IP addresses.

> backlogged

Not caught up? Loaded with a backlog of work that needs processing as fast as
possible, to catch up with the current situation.

> maillog

The file where email-related messages are logged.

> top(1)

The program "top", whose manual is in section 1 of the Unix Programmer's
Manual (and so can be viewed with the command "man top"). It displays actively
running processes on the system, ranked in roughly descending order of how
much system resources they are consuming. It shows the top-resource-consumers,
and so the name.

> tracks

Lots of ways that could be used. In the context I was using it, that's a verb,
means "follows", in the sense of "keeps up with".

> netblock

One the singular form of the noun netblocks, I already did that one I'm sure.

:-)

-Bennett
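
The pop-before-smtp and netblock explanations above, worked through as an added example (not part of the original message, and not the code it refers to; written in Python rather than Perl): it scans mail-log lines for successful POP/IMAP logins, keeps the latest login time per remote IP, and answers the question the SMTP server would ask. The log-line shape, the sample lines, LOCAL_NETS, WINDOW and the function names are all assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed log-line shape; adjust to what your POP/IMAP daemon actually writes.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?:ipop3d|imapd)\[\d+\]:\s"
    r"(?:Login|Authenticated)\suser=\S+\shost=.*\[(?P<ip>[\d.]+)\]")

# Constructed sample maillog (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jan  6 13:05:00 mx ipop3d[801]: Login user=carol host=dial9.example.net [198.51.100.99] nmsgs=0/0
Jan  6 13:40:02 mx ipop3d[811]: Login user=alice host=dial1.example.net [198.51.100.7] nmsgs=2/2
Jan  6 13:41:15 mx imapd[812]: Authenticated user=bob host=ws.example.org [192.168.0.20]
Jan  6 13:41:30 mx ipop3d[813]: Login failed user=mallory host=x.example.com [203.0.113.9]
Jan  6 13:42:00 mx postfix/smtpd[814]: connect from unknown[203.0.113.9]
""".splitlines()

LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # hypothetical site netblock
WINDOW = timedelta(minutes=30)                          # hypothetical grace period

def parse_auth(line, year):
    """Return (timestamp, ip) for a successful POP/IMAP login line, else None."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies it
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, ipaddress.ip_address(m["ip"])

def build_table(lines, year, local_nets=LOCAL_NETS):
    """Map each remote client IP to the time of its most recent login."""
    table = {}
    for line in lines:
        hit = parse_auth(line, year)
        if hit is None:
            continue
        when, ip = hit
        # Netblock search: local clients are skipped (assumed already trusted).
        if any(ip in net for net in local_nets):
            continue
        table[ip] = max(when, table.get(ip, when))
    return table

def may_relay(table, ip, now, window=WINDOW):
    """True if ip authenticated over POP/IMAP within the window before now."""
    seen = table.get(ipaddress.ip_address(ip))
    return seen is not None and timedelta(0) <= now - seen <= window
```

The decision rests on source address alone, so whoever shares or inherits an address inside the window is also allowed to relay; a short window limits that exposure.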
