Archives for category: Webhosting

Paid per email and why it won’t work

August 22, 09 //
2

A while back, people in IT kicked the tires on paying per email sent. Nothing ever came of it but the idea is coming back in the form of Yahoo sponsored CentMail. I initially heard of this thanks to a well written article by MacGregor Campbell over at the New Scientist. According to the article Yahoo is experimenting with Pay per email system, but with the cost of an email be only one US cent ($.01US) and that money going the sender’s charity of choice. The eliminates the original complaint of Pay per Email; different ISPs charging different rates. It also gets more money into charities which is always a good idea.

Problem is, it won’t work.

Simple Mail Transport Protocol, or SMTP, is the mechanism by which is email is sent. It’s simple and it works. There really isn’t a lot to it. You send a plain text stream that contains your message header and the email body to your domain’s SMTP server and it sends it out to the recipient’s mail server. I’m simplifying it a bit, but not by much. And due to its relatively straightforward design, SMTP is subject to abuse. We’ve all gotten the viagra and porn spam in our inbox. And there are methods to deal with spam like Domain Keys, SPF records, RBLs and server side spam filter software. And that all works, but it adds unnecessary levels of complexity to the email process. The CentMail idea will add just another layer to that.

I don’t work with that aspect of email much anymore, but my coworkers who work the phones do. Each of them is helping one of our customers get out of email purgatory. A customer will send some email that one of the ISP doesn’t like and it’ll get put on the ISPs blacklist.  The customer then calls us and one of the guys in Support has to fight with the ISP to get the customer’s Domain removed from the blacklist. The problems lay in that there is no standard on what classifies spam and how to handle it. Each email provider, be it an ISP like Charter or Comcast, or a webmail provider like Google and Yahoo have different requirements and have different levels of pain involved with getting a domain whitelisted.

And that’s not including the RBLs, or Remote Blacklists. These RBLs are another level of spam prevention and another level of complexity. They work by keeping a list of spam related IP address and Domains. Your mail client checks each incoming email against each RBL and drops mail that is on the list. Getting off the RBLs can be even more painful, ranging from paying a fee to clearing out an entire C-block of IPs.

The CentMail website, which is a horrible pun by the way, states “Anyone you email can automatically verify your donation and confirm you’re not a spammer. Since spammers send millions of emails every day, it is prohibitively expensive for them to donate even just 1¢ per email.” That won’t stop the spammers. I’m guessing that Yahoo is assuming that there will be checks on both ends of the email sending process. But unless they intentionally modifiy SMTP to be non standard compliant, all a spammer has to do is use an MTA that doesn’t check for the Cyberstamp to get their mail out.

From the process described on the New Scientist article, it sounds like there will be an addition to the email’s header that will contain the Cyberstamp signature, and a link will be embedded that will allow the sender to verify that your did donate that penny to the Humane Society. That’s great until the Spammers figure out a way to spoof the headers and make that link redirect the user to a phish site. There are enough people out there using unpatched versions of Windows XP that this would be presenting another vector for hackers to compromise new systems.

On that same vein, what is to prevent a receiver from filtering email that contains a cyberstamp to a charity that they find objectionable? Lets say I send you an email and I donate that penny to AIDS research or Planned Parenthood. Now lets say you work for a conservative company that finds both of objectionable. What is stopping them from just dropping those emails? This adds another layer of potential problems for CentMail.

And what’s keeping companies from creating their own systems or not even adopting it? This system would only work if everyone, and I mean everyone was on board with it. And the disturbing trend of ISPs hijacking DNS indicates that the ISPsa at least have no desire for adopting a standard that someone else created.

All in all, I don’t see Cyberstamps stopping the spam problem with the way email is currently setup. The RBLs and the spam filters work well. I’ve gotten maybe on 1 spam in the past 3 months on one of my email accounts, which is a lot less then what i get in my physical mailbox. In order for Centmail to work, you’d need a major upheval in the status quo and I don’t see it happening. Cyberstamps version 2 is doomed to fail even before its released.

Recompiling Apache to use mpm_worker on a CPanel Server

July 11, 09 //
0

Arguably, the most important service that runs on a server is its webserver, and for most of the world this webserver is Apache. One of Apache’s main selling points, its modularity, is also its biggest drawback if not configured properly. Apache 2.0 and newer can be compiled with Multi Process Modules, or MPMs. The default MPM is prefork. Prefork is based off of the aging Apache 1.3 and works fine, but does have its disadvantages: it doesn’t handle large amounts of traffic gracefully nor is it really designed to handle newer hardware.

This is where mpm_worker comes in. Worker is a threaded MPM that is designed for newer hardware and handles larger amounts of traffic better. While prefork is the Apache default MPM, Debian based distrubutions run worker by default. Information regarding worker is available at the Apache Documentation.

“But,” you’re asking yourself, “I run a CPanel dedicated server and/or virtual private server at my webhost. Can I use worker?” Absolutely. CPanel provides the aptly named EasyApache script that allows for recompiles of Apache and PHP using an easy to navigate interface.

Before I get into the nitty gritty, a few caveats:

  1. If you’re in a shared hosting or reseller environment using CPanel, you’re probably out of luck. Most hosting providers do not allow for software changes in such situations.
  2. The Webhost Manager does have a web interface for EasyApache. I wouldn’t use it, because if your browser crashes during the EA, it’ll Break Everything™.
  3. Unless you are running a module that requires non threaded Apache, upgrading to worker will not cause any problems. Upgrading to Worker will not affect your PHP code, or your databases or your Google Analytics.

First thing, You’ll want to check to see what version of Apache you’re running, because if you’re running worker already then you’re already set. You can figure out the version of Apache by running the following command:

/usr/local/apache/bin/httpd -V

Which will give output like the following:

version

The line you’re looking for is the “APACHE_MPM_DIR”. As the screen shot shows, this server has Apache running with prefork, so it needs an upgrade. You launch the EasyApache script with the following command.

/scripts/easyapache

If your server is in a virtual environment using Xen, the EasyApache script will require a flag when it is executed. This flag will be provided when the script is ran. The technical reason is because the Xen console doesn’t support curses, which the EasyApache script uses.

A warning, I highly recommend running the EasyApache in a screen. As stated earlier, stopping an EA while its doing its thing will Break Everything™.

You’ll want to Customize based off of current profile and make sure that your compile Apache 2.0 or 2.2. Unless you’re upgrading PHP also, the next couple of windows can be skipped. On the Short Options List, pick the Exhaustive Options List. Once you’re in the exhaustive list, scroll until you hit the MPMs. It’ll look like this.

ea1

Unselect any selected MPMs and select Worker. More often then not, no MPM will be selected, which is fine because Prefork will be installed if nothing will be selected. The screen shot is with Apache 2.2 select, this screen will be different if you’re compiling Apache 2.0.

Once you select Worker, the following screen will pop up:

ea2

Select OK and hit enter. The warning is there because the non prefork or worker MPMs are experimental will probably not work most of the time. Worker is completely stable, so its safe to ignore this warning.

After that warning, navigate to the end and click save and build. With that, you have to wait for EasyApache to do its thing. This normally takes about 30 minutes, but can take longer depending on server load and how many modules are selected in EasyApache.

WARNING: Do not close your shell window until the EasyApache is done, or it will break things in interesting and fun ways. You DID remember to run this in a screen, right?

Once it’s done, you’ll want to check that it finished correctly. I usually do this by restarting Apache. Generally, if the EasyApache failed, Apache will error on restart.  After Apache restarts, you’ll want to check to make sure that Worker was installed, running the version check command from earlier. If everything went according to plan, you should get something like this:

final

If you’ve got something like that, then everything worked correctly. Now we’ll want to check to make sure Apache has its optimization directives in place. Sometimes EasyApache includes these directives, other times it doesn’t and I’m not really sure why. You’ll want to search for a block of text towards the top of the config at /usr/local/apache/conf/httpd.conf like the following. If its not there, add it. This block of text will be before the vhosts.

Timeout 300
KeepAlive On
MaxKeepAliveRequests 150
KeepAliveTimeout 5
<IfModule worker.c>
ServerLimit 16
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 500
</IfModule>

Once you’ve added these directives, you’ll want to restart Apache so they can take effect. These directives will probably need to be scaled depending on your server’s traffic load and how much resources the server has, but they do work well as a starting point.

And you’re done! Apache is now running the mpm_worker module. If your server has a high traffic load, the difference should be immediate. Slower traffic servers may not notice it until later.