<2005 October>
SunMonTueWedThuFriSat
2526272829301
2345678
9101112131415
16171819202122
23242526272829
303112345

On this page...

Search

Links

Member of...


ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories

Microsoft

Blogroll

Deutsche Resourcen

Management

Sign In
 

#  Saturday, 15 October 2005

Now that's what I call a quick response to my request. Thanks! Community Server rocks.

Categories: Community | this
Saturday, 15 October 2005 17:12:05 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 14 October 2005

Remember my call to action in Web applications and SMTP proxies don't mix well (it seems)? I mentioned that I am guilty as well - not only for Web applications as it turned out, but also for other server-based software, such as the Subversion post-commit hook I wrote.

You can already guess the contents of the change log (the last public version was 1.7):

  • SMTP authentication & SMTP server port options added

If you are running the hook today, all you need to do is copy the new post-commit.exe over your existing one (assuming you use 1.7), and add the following four lines to your post-commit.exe.config's <appSettings> section:

<add key="SMTPAuthentication" value="" />
<add key="SMTPServerPort" value="25" />
<add key="SMTPUsername" value="username" />
<add key="SMTPPassword" value="password" />

Those values default post-commit.exe to the 1.7 behavior. To use authentication, set SMTPAuthentication to BASIC, and provide username and password. Most of the time, you will not need to play with the server port.

Finally, here is the usual binary & source code archive:

SvnPostCommitHook1.8.0.51014.zip (424.24 KB)

Categories: Subversion | this | Use the source Luke
Friday, 14 October 2005 11:23:35 (W. Europe Daylight Time, UTC+02:00)  #    Comments [3]

 

My dedicated server box not only serves Web applications (such as this blog), it also handles mail for the respective domains. This means I have to deal with spam. Which on one hand is nice because I can do whatever I please: drop mail based on whatever criteria I set up, and use whatever filtering software I need.

This is how the NoSpamToday! SMTP Proxy found its way on my box. I simply got tired of maintaining my (rather old) standalone SpamAssassin installation, and dealing with MailEnable's integrated but not chained RBL / SPF / virus scanning (by not chained I mean that those filters are evaluated separately, not like SA, where all filters[rules] are weighted and evaluated as a whole).

Because I only have one box, I had to resort to relocate MailEnable to port 45, so that NoSpamToday! could listen on 25 and forward to MailEnable if appropriate (*). I did configure SMTPS previously (port 465 redirected to localhost:45 via stunnel), so standard users could deliver their mail directly to MailEnable instead of having their outgoing mail scanned by the proxy.

But what about my Web applications? Initially, those were sending to localhost directly, and as such I had a relaying exception set up in MailEnable. This one had to go, obviously. So how can applications deliver mail to the mail server via the proxy? SMTP authentication is necessary for this to happen.

But this doesn't solve the whole issue, it opens a can of worms, performance-wise. The problem is, every single application (Community Server, dasBlog, Gemini, ...) assumes that your SMTP server listens on port 25. Wrong. That's the proxy. And that's a problem: all local outgoing email from those applications is scanned by antivirus and antispam filters. And that's completely wasting CPU resources. As well as adding to # of addresses accepted by the backend mailserver, driving up the licenses that would be needed for NoSpamToday! (**).

Call to action: Implement not only SMTP authentication in your applications, but also make the SMTP server port configurable. I'm guilty as well.

(*)

(**)

Categories: Administration | ASP.NET | this
Friday, 14 October 2005 10:19:33 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

This whitepaper introduces the guiding principles and thoughts behind the .NET Framework, the core features of the Common Language Runtime and its supporting Framework Base Class Libraries and how it is evolving in the next major version.

Categories: .NET
Friday, 14 October 2005 08:22:18 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 05 October 2005

David Litchfield published the paper Data-mining with SQL Injection and Inference (more NISR papers). From the abstract: When drilling for data via SQL injection there are three classes of attack – inband, out-of-band and the relatively unknown inference attack. Inband attacks extract data over the same channel between the client and the web server, for example, results are embedded in a web page via a union select. Out-of-band attacks employ a different communications channel to drill for data by using database mail or HTTP functions for example. Inference attacks stand alone in the fact that no actual data is transferred – rather, a difference in the way an application behaves can allow an attacker to infer the value of the data.

Categories: Security | SQL Server
Wednesday, 05 October 2005 23:36:51 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

You only have to wait till the others do all the typing: Paul and Plip are writing about the Web Deployment Projects feature that we were shown today at the AspInsiders summit. Cool stuff that should be in the hands of everybody by the time VS05 launches.

Categories: 2 Ohhhh | ASP.NET | Visual Studio
Wednesday, 05 October 2005 22:13:13 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

Another great tip from Ben Armstrong, aka Virtual PC Guy: Configuring NAT via using the Microsoft Loopback Adapter and Internet Connection Sharing.

Categories: Administration
Wednesday, 05 October 2005 15:47:30 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

Seems IE 7 has sniffed me out:

So please do not try to log on here :-)

Categories: this
Wednesday, 05 October 2005 01:43:21 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Tuesday, 04 October 2005

Here you will find various documents to get you started with Monad. Includes a getting started guide (now that was a surprise), MSH language reference, using tracing and three hands-on labs. Downloads for Monad itself can be found in the Related Downloads section.

Categories: Administration | Cool Download
Tuesday, 04 October 2005 15:59:52 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

We all laughed heartily today when we heard about Eli's misfortune, which he describes in his blog entry I'm in Redmond. If it weren't for a first-hand account (he was standing in front of us later today, having arrived in the right Redmond), this story would be too crazy to be true.

From the shits and giggles department: Codename "Spang". What the sound of a Buffalo wing hitting a dish can get started... all you need is a couple of crazy Brits, preferably geeks, sitting together for dinner in a steakhouse. All the craziness about this also can serve as a nice lesson to various people who constantly "wave candy in front of a diabetic" so to speak (yes you, the one blogging about the cool stuff only you have access to). Spang also stirred a debate on Channel9 (read).

Categories: this
Tuesday, 04 October 2005 06:36:08 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

 
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.