What’s going on?
During the yesterday evening, a server silently rebooted and ran into a corrupted InnoDB database. This was discovered today (https://status.tornevall.net is updated) and the database server was completely restored around 15:00-16:00 CET. Bitbucket, Confluence and JIRA was unaffected by the disruption.
As of summer 2019 the email-server upgrade is going to be final. During a few weeks the support for virtual domains is in place, DKIM and DMARC is new features and together with SpamAssassin upgrades and the restoring of DNSBL with FraudBL spam filtering should now hopefully be quite effective. Besides of this, there’s a global whitelist installed, which means that some domains that are considered important will be able to duck spam triggering. Users has also, via TorneAUTH the ability to whitelist senders themselves.
The last big change being done this far is the trigger on the spam itself. Historically, spam has been kept intact with a tagged Subject straight into the inbox of the mail account. By means, for each new spammail the messages has been staying put and disturbed the normal mailflow. The last change done, moves all mail flagged with spam to a new Spam-folder, which is automatically created if it does not exist. If you miss any mail – check there.
The final step now is to make all this configurable too. I’m aware that the Spambox may get filled if noone ever checks that mailbox out. What’s up next, is something that cleans up that folder periodically if noone else does it, so we can keep down the mailbox size more effective.
This release of the DNSBL for WordPress is a half-minor update. In a few days back in time a raised act against our contact forms has been observed. ContactForm7 is used on most of the tornevall.net-sites, so it has become frustrating when spam passes through the forms without the ability to instantly blacklist the posts (except for moments when akismet for example helps with the job). So I’ve just added support for WPCF7 into the plugin.
By means, if anything bad arrives via the mail, that has been posted via the contact form there’s just a few seconds between me and a complete blacklist of the sender. In this particular case I’m activating flag 16 (IP_MAILSERVER_SPAM) in the detection configuration and for v2.0.8 a new setting under “Protective options”, called “Turn on support for WPCF7”.
The issue tracker has this case added at https://tracker.tornevall.net/browse/DNSBLWP-63 and has been tested with WPCF7 5.1.4 this far.
dnsbl.tornevall.org has been the primary subname for blacklists several years now. However, it still seems that our 13 year old subname opm.tornevall.org is still going strong. The new DNSBL wasn’t supposed to support that part, however since there’s still quite a lot of resolvers running this check it has been reinstated in the API. The DNSBL has only been running a few days so the loss is probably not even notable, but if there’s time for it there might be built a blacklist validator, to see how many hosts missing this opm-part.