Announcements: November 2008 Archives
..for security reasons.
Hollar if anything is still amiss.
This is to users to ssh to gigo.com.
Last year, I enabled countermeasures to help keep the SSH hack attempts against gigo.com down to a minimum. We automatically block the IP address of systems trying to log in to gigo.com and repeatedly failing.
The problems are getting worse; as such I'm making these changes:
- Attempts to log in as a valid ID: unchanged; 10 attempts and you're banned 15 minutes
- Unknown accounts and daemon accounts: immediately blocked for 150 minutes
If you log in from another account with a different account name, make sure that you always remember to specify your gigo.com account name (correctly!) or the machine you are connecting from will be blocked for everything but the web server, for 150 minutes. If this regularly affects you, I *can* whitelist specific IP addresses to be immune to this behavior.
[Updated Sunday 2:00p] - Changes are now in effect.
Condensed version:
Attachments are allowed now (most are, at least). Incoming viruses or otherwise "dangerous" files will be made a bit safer (the message is turned into an attachment; and the message you see, will say [VIRUS ATTACHED] in the subject line).
Attachments (in and out) are scanned for viruses using an open-source virus checker. This is not a good substitute for you running your own protection. We could (collectively) pay for a commercial virus checker. A better use for your money is to make sure your workstation is running antivirus of its own.
Spam filtering has changed a bit; please make sure you are filtering on "X-Spam-Flag: YES". If you can only filter by subject, then look for SPAM in the subject line. A limited amount of customization is still available at https://mail.gigo.com/ - primarily affecting whitelists, blacklists, and a minimum score to consider a message as SPAM.
Finally, @gigo.com mail is being signed with DKIM. Some providers will give us a a positive nudge when they do their own spam checking when the mail is properly signed. I can do this for other domains as well - let me know if you want this.
I'm reachable as jfesler@gigo.com or (if you have problems with that for any reason) postmaster@gigo.com .
As of this morning I've enabled some of the blacklists from SpamHaus. Anyone who has their mail rejected mailing our system will be given a url in the bounce message; as well as postmaster@gigo.com's email address for exceptions. Note that postmaster is never filtered here - even if we generally block their mail when they mail me as postmaster, it'll still come through.
I'm watching the logs and looking at the rejects looking for signs of false positives.
This change in behavior is to cut down the resources it takes to fight spam - the greylisting was the primary barrier previously, but that is becoming costly. If you want me to turn off antispam measures at the mail server level to your address or domain, let me know.
