Home » Computer » Network » Archive by category "Mail" (Page 2)

Amazon SES 提供 Dedicated IP Address 的養 IP 機制...

透過混搭本來的 shared IP address (已經對各 ISP 有信用) 與客戶租用的 dedicated IP address 混發,然後一段時間後養起來 (最多 45 days):「Amazon SES Can Now Automatically Warm Up Your Dedicated IP Addresses」。

Amazon SES controls the amount of email that can be sent through an IP address. Amazon SES uses a predefined warm-up plan that indicates the maximum number of emails that can be sent daily through an IP address to ensure the traffic is increasing gradually over 45 days.

要注意的是,這個過程需要發五萬封才有辦法養出來,不是設上去就會自己養

After you successfully warm up your dedicated IPs (either by yourself or by using the Amazon SES automatic warm-up mechanism), you must send at least 50,000 emails per dedicated IP per day so that the IPs maintain a positive reputation with ISPs. To avoid throttling by the ISPs, avoid sending a high volume of emails soon after the completion of warm-up; we recommend gradually increasing the volume for better deliverability.

現在弄 mail service 超麻煩的...

Amazon EC2 會對 Port 25 的連線數量限制

起因於一台 ap-northeast-1 的機器 (東京) 會使用 us-west-2 的 SES (美西,奧勒岡),然後發現信延遲的有點嚴重,看 mail log 發現是因為連線 timeout。

查了以後發現在「Amazon SES SMTP Issues」這邊就有提到 EC2 instance 對 port 25 有限制:

You are sending to Amazon SES from an Amazon EC2 instance via port 25 and you cannot reach your Amazon SES sending limits or you are receiving time outs—Amazon EC2 imposes default sending limits on email sent via port 25 and throttles outbound connections if you attempt to exceed those limits. To remove these limits, submit an Amazon EC2 Request to Remove Email Sending Limitations. You can also connect to Amazon SES via port 465 or port 587, neither of which is throttled.

按照建議,直接走 port 587 就可以解決,另外一個方法是開 support ticket 請 AWS 解除:「How do I remove the throttle on port 25 from my EC2 instance?」。

Amazon EC2 throttles traffic on port 25 of all EC2 instances by default, but you can request that this throttle be removed for your instance at Request to Remove Email Sending Limitations (you must sign in with your root account credentials). Provide a description of your use case for sending email, and then choose Submit.

還是改走 port 587 比較簡單一點...

Gmail 要開始導入 SMTP Strict Transport Security 了

SMTP MTA Strict Transport Security 算是 SMTP STARTTLS 裡的 HSTS 機制,而 Google 的人在 RSA Conference 上提出要開始用了:「SMTP STS Coming Soon to Gmail, Other Webmail Providers」。

Elie Bursztein, the head of Google’s anti-abuse research team, said at RSA Conference that SMTP STS will be a major impediment to man-in-the-middle attacks that rely on rogue certificates that are likely forged, stolen or otherwise untrusted. Google, Microsoft, Yahoo and Comcast are expected to adopt the standard this year, a draft of which was submitted to the IETF in March 2016.

補上去後對於 SMTP 的隱私保護就會更好了...

Amazon SES 的固定 IP 服務

怎麼這麼多消息啊... 這次是 Amazon SES 宣佈提供固定 IP 服務:「Amazon SES Now Offers Dedicated IP Addresses」。

這樣可以減少被其他人影響到 reputation,提昇穩定度:

Amazon Simple Email Service (Amazon SES) now offers dedicated IP addresses, which enable you to manage the reputation of the IP addresses that Amazon SES uses to send your email.

而要用這個功能的人要額外申請:

To request dedicated IPs, open an SES Sending Limits Increase Case in Support Center. In the use case details, specify that you are requesting dedicated IPs.

Yandex.Mail 從 Oracle 搬移到 PostgreSQL 上的故事

Hacker News Daily 上看到 Yandex.MailOracle 搬到 PostgreSQL 的故事:「Yandex.Mail success story」。

首先是在 Oracle-based 的系統上遇到的問題:

除了技術類的問題外,這個「Not very responsive support」可以看到對 Oracle 的服務很不滿意。

另外下一張投影片只講 shop.oracle.com 是主要原因... 我猜是 Oracle 在開始提供 cloud service 後把售價都拉高。在最後的 Summary 看起來也有點像:

雖然沒有講明換 PostgreSQL 的理由,但注意到「3x more hardware」這點,這表示是原來的四倍。在這樣的情況下還是要換,可以猜測 Oracle 的授權費用在 web-scale 服務上的問題。

另外如果仔細品投影片,可以發現其實 migration 成功的原因是 DBA team 的能力夠強大,以及充足的時間修正問題 (可以看到作者在 mailing list 上一直提問也一直修正問題)。如果當初評估後決定要換到 MySQL,我相信也是會順利完成...

Mutt 1.7.0!

Mutt 最近更新的好快啊 XDDD (相較於富奸的速度):「mutt 1.7.0 released」。看一下官網上這一波的更新記錄:

  • Mutt 1.7.0 was released on August 18, 2016. This release has several new features. Please see the UPDATING file for details.
  • Mutt 1.6.2 was released on July 6, 2016. This is a bug-fix release, fixing two issues found with 1.6.1.
  • Mutt 1.6.1 was released on May 1, 2016. This is a bug-fix release, fixing three issues found with 1.6.0.
  • Mutt 1.6.0 was released on April 4, 2016. This stable release has an enormous number of changes compared to the 1.4 series. Please review the changes file for an overview of changes since the 1.4 series, or the UPDATING file for a more detailed breakdown by each previous development release.
  • Mutt 1.4.2.3 was released on June 9, 2007. This release fixes CVE-2007-2683 (gecos overflow) and CVE-2007-1558 (APOP MD5 collision attack).
  • Mutt 1.4.2.2 was released on July 14, 2006. This release fixes CVE-2006-3242, a buffer overflow that could be triggered by a malicious IMAP server.

2016 開始更新的速度快好多... XD

自建 Mail System 的難度

Hacker News 上的「Ask HN: Is it possible to run your own mail server for personal use?」這篇道出了現在自建 mail system 的難度。作者遇到信件常常被各大 mail 服務歸類成 spam:

The problem is making sure my mail is not marked as spam by the major MTAs out there, gmail and hotmail both mark my mails as spam.

整理一下現在自己建 mail system 要做到哪些事情:

  • 確認 IP (包括 IPv4/IPv6) 沒有列入任何 Open Relay 清單中。
  • 確認 IP 的反解可以查出對應的正解。
  • 確認 SPF 設定。
  • 確認送出去的信件有 DKIM 簽名,而且 DNS 也有設上對應的設定。
  • 確認 TLS 的發送與接收都正常。
  • 確認 DMARC 機制正確運作。

如同「Exercising Software Freedom in the Global Email System」這邊講的,現在要自己搞 mail system 超累...

結合 Malware 與 Social Engineering 的詐騙

在「Malware scam appears to use GPS data to catch speeding Pennsylvania drivers」這邊看到新的詐騙方式。

手機的 malware app (藏有惡意程式的 app) 會要求 GPS 資料 (現在智慧型手機上 app 的常態),而當 malware app 偵測到你超速時,詐騙集團就會發出假的超速罰單,像是這樣:

From: Speeding Citation
To: (Accurate Email Removed)
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed
First Name: (Accurate Name removed)
Last Name: (Accurate Name removed)
Notification of excess speed
Route: (Accurate Local Township Road –removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.

文章提用的標語「ACCURATE SPEEDING DATA, FAKE EMAIL」好讚... XD

Archives