Random Ramblings of a Sysadmin
Happy New Year to all!
And it’s quite happy for me because as of today I’m now a full-time employee of the Mozilla Foundation.
Since I’m no longer part-time, I’ve removed the donate link from my blog… your money is better spent donating to the tsunami relief funds right now anyway.
One of the really promising new anti-spam technogies which is really starting to gain some ground on the net (lots of people are actually using it now) is SPF. It works by having ISPs create DNS entries which list what servers are allowed to send email using their domain name. Since most spammers forge their headers, this makes it really easy to block spam that claims to be from an ISP that has those entries set up.
One of the minor problems with this is it completely breaks the existing notion of a “mail forwarding mailbox.” A little known fact is that we don’t have an in-house mail system at the Mozilla Foundation yet for people to pick up email from (there isn’t really a need for one yet). When you see someone with an @mozilla.org email address, that mail is redirected somewhere else (usually to that person’s home ISP or their own server) after it gets to mozilla.org. With traditional mail forwarding, the mozilla.org mail server would take that email with the @mozilla.org recipient on it, and just change the recipient address to the final destination address and send it on its way, without touching the sender address.
Now enter the age of SPF. The person sending this hypothetical email from @somedomain.com is using an ISP that has one of those SPF records set up. One of the ISPs that several Mozilla Foundation employees use, just started blocking mail if the SPF records don’t match. They receive the email and it says it’s from @somedomain.com. They look up the SPF record for somedomain.com, and get the list of authorized servers to use that domain. But guess what? It didn’t come from that server, it came from rheet.mozilla.org. Bounce.
They have a solution for that, but the solution is causing yet more trouble for us, and I could use some ideas. Continue reading “SPF and SRS and friends”
I spent a good chunk of today triaging old bugs in the Server Ops component on bugzilla.mozilla.org. I haven’t finished yet, but I closed out a huge number of bugs that were specific to things in the AOL infrastructure that we haven’t been using in the more than a year since the Foundation got created and mozilla.org moved to its own facilities. 🙂 Some of the comments on those old bugs make me really glad we don’t have to deal with AOL’s Information Services folks anymore.
I explained most of this on the Bugzilla developer’s mailing list the other day, but I figure it deserves a little wider audience, so I’m reposting it here.
As mentioned in my previous blog entry, I was hired by the Mozilla Foundation a couple weeks ago. My primary responsibilities will be system administration tasks, however there will probably be some time for Bugzilla that can be squeezed in there, particularly when there are features they need for mozilla.org’s Bugzilla. They also only hired me part time (25 hours per week). After a careful review of the family finances with my wife, we decided we could make it work on that level of income, and so I opted to just leave my employment at that rather than picking up another job to make up the difference, with the express purpose of being able to spend the rest of that free time on Bugzilla. Last week, because of the Firefox 1.0 release, I got in lots of extra hours because we had to set up and/or reconfigure a half a dozen servers on the fly to pick up the extra load. 🙂 This last week and probably next, I’ll be in catch-up mode. I’ve got two years of partially ignoring the mailing lists and most of my bugmail to catch up on.
The reviewers list on the website got updated yesterday. It’s now accurate. There are people I will accept reviews from that are not on that list, and that I will probably ask to do reviews from time to time, but I took off everyone who hasn’t actually done any reviews in the last 6 months, since if they’re not around to do regular reviews, there’s no point in telling people to make requests of them. I also added on several of the new people that we’ve added to the review team over the last couple months that hadn’t been added to it yet (and who have been some of the more active reviewers, despite them not being listed for people to know they could make requests of them). Those are the folks who it makes sense to have listed, since they’ll be the fastest to respond. 🙂
The roadmap page is next on my list on the website. It’s quite out of date, and doesn’t even reflect our current development model anymore. I’m going to attempt to get that cleaned up right after I finish reviewing this patch I keep promising Joel I’m going to tackle 🙂
For those that haven’t already heard, I was hired by the Mozilla Foundation last week as a system administrator. I started the night before the Firefox 1.0 release, just in time to fight with the servers as the load hit. This also kept me busy enough that I didn’t have time to blog about it until now 🙂 We managed to borrow a few servers on short notice to pick up the extra load (much thanks to Oregon State University and RedHat) and did a lot of tweaking to increase performance on several servers. All in all it’s been pretty exciting so far.