Web browsers. Internet Explorer in particular.

If you think that something is a little bit off in the display of the web site, I can tell you why. Symptoms include that some of the text on the right overlaps this text box a bit, when you size the window the display looks wrong, etc.

If this describes your experience, you are using Internet Explorer, or IE. IE is a very poor web browser. It is extraordinarily unsafe, with several gaping security holes announced most weeks. It is dated. It doesn’t support things like tabbed browsing.

But most importantly, it doesn’t correctly implement any standards. This web site is built using standard web based technologies, and almost every web browser can show it correctly – just not IE. Even the Feds in the US say you shouldn’t use it.

I recommend FireFox. It’s free, and it works great. Or you can use Mozilla, or Opera, or any other browser you like.

Or you can live with IE, its security issues, and the fact that some sites don’t look right :-)

update: Someone has made a cool web site for people currently using IE.

EMail Scanning

I’ve spent a few days reworking the mail setup, and thought I’d share some information on the actual setup and recent changes here. This should mostly be of interest to people having one or more domains hosted on the mertner.com server.

Receiving a mail is a surprisingly complicated process – more things than you’d expect occur whenever a mail changes hands from one server to another. Sadly, the bulk of the work serves a single purpose only, namely preventing SPAM and other unpleasantries from reaching end-users. As the sender cannot be trusted (to participate in this goal), it falls upon the receiving party to ensure that everything is legit before accepting and delivering the mail to its recipient.

This involves verifying that the sender is legitimate, presents valid data about itself, complies with Internet protocols (RFCs), and in general behaves nicely. It also entails scanning the message itself for malicious content (attachments or vira), advertisements, and other junk.

White-, Black- and Greylisting

The first level of defence uses a mechanism called [greylisting](http://projects.puremagic.com/greylisting/), and relies on the fact that SPAM senders are always in a hurry to get their messages out. Whenever a new sender is encountered, the server will ask the sender to retry delivery later. If the sender is too aggressive and retries immediatedly, he will be blacklisted. If the sender is patient and retries only after 20 minutes, he will be whitelisted for the next 60 days. Note: the SMTP protocol definition (RFC2821) says that clients should wait for at least 30 minutes before retrying.

SpamAssassin Scores

[SpamAssassin](http://spamassassin.apache.org) is used to analyze the content of the actual message based on an endless list of rules. Some rules match regular emails and give negative points, others match SPAM and give positive points. The sum of the points awarded from all matching rules yield a score that is used subsequently to decide the fate of the mail being delivered.

Domain Actions

Once a score has been computed the server needs to figure out what action to take for the message. Every domain can define its own action(s) and minimum score(s) required for triggering the action. The currently available actions are:

* reject (don’t accept the message from the sending party)
* drop (silently discard the message, pretending it was delivered)
* warn (deliver the message to the recipient, but add message headers to identify the mail as SPAM; if the message is virus infected, action drop is used instead)

This is best illustrated with an example. Imagine the server receiving a mail for a recipient in the mertner.com domain, and assigning the score 5.2 to the message. The domain mertner.com has been configured to warn when scores exceed 4.0 and to reject when scores exceed 6.0. Thus, this particular message would have it’s subject rewritten (prefixed with \[SPAM\]) and various messages headers inserted, but eventually get delivered to the recipient. Had the score been 6.2 instead of 5.2 the mail would have been rejected.

The current defaults are set to warn at 4.0 and reject at 5.0. Just let me know if you’d like to use different settings for your domain(s).

Message Headers

If a message gets delivered to its intended recipient, chances are that it will have been decorated with a number of message headers. These are usually not immediatedly visible in email clients, but are nevertheless present and can thus be used for filtering (such as moving messages suspected of being SPAM to designated folders). The following message headers are (potentially) added:

* X-Spam-Flag (YES, if the server thinks it is a spam)
* X-Spam-Score (numeric counter, and a list of + characters representing the size of the counter)
* X-Spam-Report (the entire scorecard from SpamAssassing; this value of this can be quite lengthy as every matching rule and the points awarded will be listed here)
* X-DNSbl-Warning (sending server is listed as an open relay and likely source of SPAM)
* X-ACL-Warn (sending server is not RFC compliant, behaves badly or is otherwise suspect).
* X-HELO-Warning (sending server is misconfigured or lies about it’s identity)

Examples of actual message headers:

* X-Spam-Score: 4.8 (++++)
* X-ACL-Warn: remote host used our name in HELO/EHLO greeting.
* X-HELO-Warning: Remote host 80.160.169.234 (somebody.tele.dk) incorrectly presented itself as mikkel.org

Most of you will not want to use these headers, but at least now you know why and that they’re there.

Credits

At the end of this post I’d like to express my gratitude to the people behind the following software projects, without whose efforts none of the above would have been possible:

1. [Exim](http://www.exim.org)
2. [Exiscan](http://duncanthrax.net/exiscan-acl/)
3. [SpamAssassin](http://spamassassin.apache.org)
4. [DSPAM](http://www.nuclearelephant.com/projects/dspam/)

Please donate to these projects. Even $20 can make a difference, and they most certainly deserve your support.

Old pictures

Some of the galleries from the old web site are not available as a Picture Gallery – if you want to see them, please use the links below:

* [Baby Pictures](http://www.mertner.com/old/baby.html)
* [Astronomy Pictures](http://www.mertner.com/old/astronomy.html)
* [Cat Pictures](http://www.mertner.com/old/cats.html)
* [Marriage in Las Vegas](http://www.mertner.com/old/marriage.html)
* [Ottawa](http://www.mertner.com/old/ottawa.html)
* [Pies for Charity](http://www.mertner.com/old/pies_for_charity.html)
* [Summer 2001](http://www.mertner.com/old/summer2001.html)

Thanks to…

This web site is run by [WordPress](http://www.wordpress.org) and also uses code from several other sources. A big “Thank You” goes out to the people who made the following:

* [Faked Folders](http://stevarino.com/wp/faked-folders/)
* [Search Hilite](http://rboren.nu/)
* [MarkDown](http://daringfireball.net/projects/markdown/)
* [Sortable Archives](http://weblogtoolscollection.com/archives/2004/05/23/sortable-nicer-archives-for-wordpress/)
* [Thumb-in-Post](http://www.mertner.com/wp-admin/plugins.php)
* [View Levels](http://www.furbona.org/viewlevel.html)
* [WP-Amazon](http://manalang.com/archives/2004/06/23/wordpress-plugin-wp-amazon)
* [Kittens Spaminator](http://mookitty.co.uk/devblog/category/kittens-spaminator/)

Thank You!

Site Update

After years of waiting, mertner.com has received a facelift to what you are looking at now.

The site now has a blogging engine that allows us to easily show noteworthy news related to the site on the front page.

The existing picture gallery contents has been preserved and opens in a new window. To access it, please use the link in the upper right hand corner.

Finally, several members of the Mertner family now have their own blogs, which can be accessed by using one of the links at the top of the page.

If you would like your own blog and your name ends in Mertner, drop us a line!